A massive data breach at Capital One Financial Corporation is impacting more than 100 million people in the U.S. and Canada, the company said in a press release.
That would make it one of the 10 largest data breaches ever, according to data from security and risk management watchdog CSO.
Capital One data breach: Who’s affected and what to do if you’re a victim
Capital One says in the release that “there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.”
Based on analysis by the company, that includes around 100 million people in the U.S. and 6 million in Canada.
The U.S. Attorney’s Office in the Western District of Washington State said Monday that Paige A. Thompson, a 33-year-old former technology company software engineer, was arrested for the data theft.
Capital One said it is “unlikely that the information was used for fraud or disseminated by this individual,” but the investigation is ongoing.
According to Capital One, the majority of customers affected were consumers and small business owners who applied for the company’s credit cards between 2005 and early 2019.
“This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income,” the company said.
Even more disturbing, the information accessed included 140,000 Social Security numbers of U.S. customers and 1 million Social Insurance numbers of Canadian customers, along with 80,000 linked bank accounts of secured credit card customers.
Capital One says it is alerting affected customers “through a variety of channels” and making free credit monitoring and identity protection available to those people.
The company has set up a Frequently Asked Questions page regarding the incident here.
What to do if you were affected by the Capital One breach
Unfortunately, this isn’t the first massive breach of a financial services company in recent years and it almost certainly won’t be the last. Team Clark’s advice on what to do in these situations is multi-pronged:
- Freeze your credit: Freezing your credit with the three major credit reporting bureaus is the number one thing you can do to protect your identity and your finances. If you haven’t already done it, visit our Credit Freeze Guide and do it today.
- Monitor your credit: Sign up to monitor your credit for free with Credit Karma or Credit Sesame. You’ll want to do this before you freeze your credit or the monitoring system won’t work. If you are affected by the Capital One breach, you can also take advantage of the free credit monitoring they are offering.
- Set up two-factor authentication (2FA): You should enable two-factor authentication on all of your online financial accounts. This is stronger than a password alone and sets up another barrier to entry for someone trying to access your account illegally.
- Never provide personal or financial information over the phone if you didn’t initiate the call: If someone claiming to be from your bank or financial institution calls you asking for personal information, account numbers, PINs or passwords, hang up immediately and call the number on the back of your card or one listed on the institution’s official website to make sure you’re dealing with someone official.
With so many criminals out there eager to take advantage of people, there will be more data breaches in the future. But by taking these steps, you can at least protect yourself to some degree.