August 1, 2019
Yesterday, a week after Equifax reached a whopping $650 million dollar settlement from their 2017 breach, Capital One disclosed in a press release that it suffered a massive data breach exposing the personal information of about 100 million Americans and 6 million Canadians.
Again, another huge enterprise has fallen victim to one of the worst corporate data breaches in history. Last year it was the Marriot with 500 million people affected. The year before, Equifax with 140 million accounts in 2017 and Friend Finder Networks with 400 million accounts in 2016.
According to Capital One, the breach occurred between March 22nd and 23rd, 2019 and Capital One determined there was a breach on July 19th, 2019.
Who is taking the hit?
The breach was a result of a “configuration vulnerability” of the servers hosting the data that was hacked by a former Amazon Web Services engineer; Paige Thompson who goes by the name Erratic on github. According to the US Justice Department, the 33-year-old hacker is already in custody.
Based on Capital One’s own analysis, the breach included names of customers, addresses, phone numbers, emails, dates of birth, and self-reported incomes. They also state that victims did not have their credit card account numbers or login information exposed and only 1% of these victims had Social Security numbers compromised.
The exact number of this 1% they reference are approximately 140,000 Social Security numbers of their American credit card customers and about 80,000 linked bank account numbers of their secured credit card customers. Canadians were also affected with approximately 1 million Social Insurance Numbers compromised.
There’s no telling how much money Capital One will lose from this breach, by the time the investigation is completed and a settlement is reached with those affected. The company has told investors that it will expect the breach to cost them between $100-$150 million this year alone.
What happens next?
According to Capital One’s statement, those affected by the breach, were consumer and business credit card applicants between 2005-2019. These applicants are linked to “secured” credit cards.
If you were affected by the data breach, then expect Capital One to email you. They have not specified a timeline for this, and have issued guidelines insisting on consumers to monitor their accounts for suspicious activity. They also are offering free credit monitoring and identity protection to those affected by the breach.
In addition, it would be wise to take extra security precautions beyond their guidelines should you operate your personal or business banking with Capital One.
What extra steps can you take to protect your data?
You may want to consider the following:
Freezing your credit accounts. You can request a temporary freeze on your accounts by contacting the credit companies that you use. This would prevent anyone from opening credit and using loans and services without your permission.
Review your credit report. Look for strange activity on your credit reports. If you choose to not freeze your credit card accounts, keep a close eye on your statements for unexpected charges.
Take up Capital One’s free credit card monitoring. It’s free and they will keep an eye on unusual activity.
Setup fraud alerts and contact fraud departments. You will be alerted whenever usual activity occurs. Set this up via Equifax, Experian and TransUnion.
Document everything. Keep any expenses incurred, relevant documents and conversations you have had regarding the theft of your data.
Should you feel at risk, these additional precautions will help you stay protected while Capital One works to resolve the breach.
If you would like any more information about the breach, Capital One has released a FAQ page.