Cyber security risks are rising globally.
Erik Tham | Corbis Documentary | Getty Images
Capital One on Monday disclosed that an outside hacker accessed personal information relating preexisting credit card customers or those who’d applied for a card.
The bank added that based on in-house analysis, the event affected about 100 million people in the United States and approximately 6 million in Canada. The FBI arrested suspect Paige Thompson, who was charged with computer fraud and abuse, according to court records.
You’ll want to take note if this applies to you: Capital One said the largest category of jeopardized data was information on consumers and small businesses as of the time they applied for credit card products from 2005 through early 2019.
The data included personal information the company said it collects at the time it receives card applications, including names, addresses, zip codes, phone numbers, email addresses, dates of birth and self-reported income.
Beyond that application data, the individual also gained access to credit card data including credit scores, limits, balances and payment history as well as fragments of transactions data from a total of 23 days during 2016, 2017 and 2018.
About 140,000 Social Security numbers and 80,000 linked bank account numbers were compromised.
The company offered guidelines on how to determine if information had been accessed as well as instructions on how to shore up account security.
- Capital One will notify affected individuals through “a variety of channels” and offer free credit monitoring and identity protection available to all affected.
- Capital One believes “it is unlikely that the information was used for fraud or disseminated.”
- Enroll in account text and/or email alerts to help keep track of activity.
- Monitor credit card accounts for unusual or suspicious activity.
- Call the number on the back of the credit card if unusual activity is observed.
- Stay vigilant about the possibility of phishing emails and calls following the breach. Phishing is a malicious attempt to access personal information or bank accounts by posing as a legitimate company or official.
- Capital One is not calling customers to ask for credit card or account information or Social Security numbers over the phone or via email.
- Report emails suspected of phishing activity by forwarding it to the official Capital One security account, firstname.lastname@example.org. Do not reply to suspicious emails and delete them after forwarding them to Capital One.
For more information and updates on how to tell if you’ve been affected, customers can visit the Capital One website established for this breach, https://www.capitalone.com/facts2019.