A data breach to Capital One servers in March exposed the personal information of nearly 106 million of the bank’s customers. The hack, which included US and Canadian customers of the banking and credit card company, followed the settlement reached between Equifax and the Federal Trade Commission concerning a hack in 2017 that affected 147 million customers.
According to Capital One, the breach on March 22 and 23, 2019, resulted in the hacker gaining access to personal information related to credit card applications from 2005 to early 2019 for consumers, applicants and small businesses. Capital One detected the breach on July 19. Among the personal data exposed were names, addresses, dates of birth, credit scores, transaction data, Social Security numbers and linked bank account numbers.
About 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed. And for Canadian credit card customers and applicants, approximately 1 million Social Insurance Numbers. Capital One said, however, that no actual credit card account numbers or username and passwords that would allow criminals to log into a customer’s online portal were stolen in the hack.
Now you’re probably wondering, how can I find out if my information was stolen?
Capital One announced that they would contact U.S. individuals by postal mail whose Social Security numbers or linked bank account numbers were part of the hack. Those affected can probably expect a letter during the month of August. Unfortunately at the moment, Capital One doesn’t have a website that lets you check for yourself, unlike with the tool Equifax released to see if you were part of its data breach.
Capital One said it has fixed the exploit the hacker used to access the confidential data and has worked with federal law enforcement on the breach. Similar to how Equifax responded to their breach, Capital One said it will reach out to customers affected by the hack to offer free credit monitoring and identity protection service.
The Take Away
Be skeptical of emails or phone calls from Capital One or government representatives asking for credit card or account information, your Social Security number or other personal information. As I mentioned before, Capital One will only notify you by mail if you’ve been affected by the breach. Anyone else calling or emailing you is likely a scammer.
Now here’s the good news – You don’t have to wait for Capital One to contact you: I’ve put together 2 things you can do minimize your chance of identity theft and 2 things to do if identity theft has happened to you.
1. Monitor your credit reports
You get one free credit report a year from the three major credit bureaus: Equifax, Experian and TransUnion. On your report, look for unusual or unfamiliar activity, such as the appearance of new accounts you didn’t open. And watch your credit card accounts and bank statements for unexpected charges and payments.
2. Sign up for a credit monitoring service
Pick a credit monitoring service that constantly monitors your credit report on major credit bureaus and alerts when it detects unusual activity. To help with the monitoring, you can set fraud alerts that notify you if someone is trying to use your identity to create credit. A credit-reporting service like LifeLock can cost $10 to $30 a month — or you could use a free service like the one from Credit Karma. Capital One said it will provide free credit monitoring and identity protection to all affected customers but it’s likely going to only be for a year or so.
Now if you suspect you’re a victim of fraud or identity theft, as soon as you suspect your ID has been stolen you can take action to stop unauthorized charges and start to recover your identity. I’ve got 2 things you can do about it:
1. Place a fraud alert
If you suspect fraud, place a fraud alert with each of the credit reporting companies: Equifax, Experian and TransUnion. The alert notifies creditors that you have been a victim of fraud and lets them know to verify that you are actually making new credit requests in your name. You can place an initial fraud alert, which stays on your credit report for 90 days, or an extended fraud alert, which stays on your credit report for seven years. Placing a fraud alert does not affect your credit score.
2. Contact fraud departments
For each business and credit card company where you think an account was opened or charged without your knowledge, contact its fraud department. While you are not responsible for fraudulent charges to an account, you need to report the suspicious activity right away.
3. Freeze your credit
If you want to stop anyone from opening credit and requesting loans and services in your name without your permission, you can freeze your credit. You will need to request a freeze with each of the three credit reporting companies, which again are Equifax, Experian and TransUnion. To apply for new credit, you need to unfreeeze your credit, again, through each of the credit reporting companies. You can either request a temporary lift of the freeze or unfreeze it permanently.
Whether you’ve been a victim or not, I always recommend documenting as much as possible. Keep copies of statements and expenses and records and if you do end up being a victim, keep a log of your conversations. An easy way to do this is with Google sheets – something that comes for free with every Gmail account.
Hopefully these tips will help keep you protected. Stay safe out there.