The Capital One Data Breach: What It Is, Who It Impacts, and What to Do About It

On March 22 and23, 2019, Capital One, a credit card and banking company, experienced a majorsecurity breach. Paige Thompson, a former Amazon software engineer, hackedCapital One and gainedaccess to millions of individuals’ personal information. The security breachwas detected on July 19. The criminal also allegedly hacked 30 other organizations.

It seems that our world today isfull of hackers that are trying to steal our identities and use our credit.Identity theft is a terrifying prospect and, if it happens to you, it can betime-consuming and may ruin the credit score that you have worked so hard tobuild up.

Since we rely so heavily on thedigital world, and there is no way to get around that, it’s nearly impossibleto guarantee avoidance of having your identity stolen. So, what are the details of the Capital One security breach andwhat, exactly, can you do about it?

Read on to get the most important details, as well as the recommended courses of action …

If you want to protect yourself from these continuous hacks and breaches, you can package identity theft services with a HelpCloud Tech Support Membership. A month-to-month membership includes 24/7 unlimited tech support on all household devices, premium antivirus software, unlimited data backup, and identity theft protection and restoration services. All in one bundle.

Who Does It Impact?

Capitol One Breach, Tips to Better Secure your Data

The security breach affects morethan 106 million individuals who have, or have applied for, accounts withCapital One between 2005 and early 2019. This includes consumers, smallbusinesses, and applicants. Which means that even if you didn’t get approvedfor a Capital One credit card, simply applying for one may still put you atrisk.

The amount of information stolenis mind-boggling. Over 140,000 social security numbers were taken fromAmericans, as well as over 1 million Canadian social insurance numbers.Canadian residents can find more information on the Capital One website.

That’s on top of the nearly80,000 bank accounts that were linked to the Capital One services, multitudesof names, addresses, phone numbers, birthdates, credit scores, and otherprivate information.

The credit card company hasstated that UK customers, auto finance customers, and commercial bank accountcustomers were not affected by the hacker.

How Is Capital One Handling It?

According to the Capital Onewebsite; “Based onour analysis to date, we believe it is unlikely that the information was usedfor fraud or disseminated by this individual.”

However, the incident is stillunder investigation …

That being said, it doesn’t meanthat you shouldn’t take steps to protect yourself. Just because the suspecthadn’t sold the information, doesn’t mean that it won’t, or hasn’t, gotten intothe wrong hands. And it’s possible that the full story has not yet beendisclosed.

Capital One has announced thatthey would be directly notifying the affected individuals via a letter in themail the week of August 5, 2019. If you didn’t receive a letter in the mail,but you’re still worried that you were affected, you can contact Capital Onedirectly with your concerns at 1-800-227-4825.

Additionally, Capital One isoffering a free two-year membership with TransUnion for credit monitoring andidentity protection. This free service works by monitoring your credit reportsthrough the three credit reporting bureaus. If there is a change in yourexisting accounts, or if a new account is opened under your name, includingloans, they will alert you.

In addition, you also get freeaccess to your credit history so you can monitor your credit yourself. Usingthis service and checking your credit through this service does not damage yourcurrent credit rating.

What Actions Can You Take?

It’s important to be proactive if youbelieve you may be affected by a security breach such as this. The followingsections will help guide you through what to do to ensure your personalinformation is kept safe:

1) Monitor Your Credit

Signing up for a creditmonitoring service, like the free TransUnion service that Capital One isoffering, is a wise idea because it helps take some of the work off your hands.While the credit monitoring service helps monitor your credit, you can alsoeasily monitor your open accounts yourself this way.

Keep in mind that while thesemonitoring services will alert you to any changes or potentially fraudulentactivity, they do not address the fraud, nor do they stop someone from openingan account or receiving a loan under your name.

If, for your own reasons, youwould rather not use TransUnion, other credit monitoring agencies such asIdentity Guard, LifeLock, or EZShield are available. You are also entitled to afree yearly credit report from one of the three major credit bureaus: TransUnion, Experian, or Equifax.

Review these reports closely.Look for inquiries from companies that you didn’t contact, accounts that youdidn’t open, or charges that you didn’t authorize. You should also verify yourinformation on the report to make sure it is correct.

Get your credit report at AnnualCreditReport.com.

We also recommend signing up fora HelpCloud membership, which will give you access to EZShield identity protection.

2) Beware of Phishing

Phishing is when you receivephone calls, emails, text messages, or other forms of contact from someoneposing as a company or agency. They often request private information from you.

Essentially, these are scams.

Capital One is not contacting anyone by phone,text, or email regarding the security breach. If you are contacted by someoneclaiming to be from Capital One, do not give them any of your personalinformation.

Phishing calls and emails may bemore common following the security breach.

So, what do you do if you thinkyou’ve received a Phishing call or email? If you get a call asking for any kindof personal information, simply hang up the phone, call the number on the backof the credit card, and tell them what happened.

If you receive an email fromCapital One, do not click any links in the email or respond in any way. Forwardthe email to abuse@capitalone.com, then delete the email.

If you suspect that you havebeen a victim of phishing, you gave out any personal information over thephone, or you responded/clicked a link in an email, please call Capital One andinform them that your information may be compromised.

Change the log-in informationfor your online account and monitor your account frequently. As previouslynoted, Capital One will not contact you via phone or email regarding thisincident or to verify any account information.

3) Be Proactive

Whether it’s your Capital Oneaccount or other credit card or banking account, it’s always a good idea totake steps to protect your identity.

Do this by changing your passwords frequently and don’t use the same passwords for multiple accounts. Passwords should be complex. Weak passwords are easy for hackers to decipher. If you must write your passwords down to remember them, keep them safe and hidden, where no one else can access them.

Change Your Password on Capital One’s Website

Change your password by clickingthe drop-down arrow in the upper right corner of your screen once you’re loggedin to your Capital One account. Choose “Security” from the menu, then click onthe little pencil shaped icon that is located on the right side of your screen.

Make Sure the Websites That You’re Using are Secure

Secure sites will have an “https” in the URL (the website address), or a lock symbol next to the web address. Do not access personal accounts when using public WiFi, because internet access at public establishments may not be secure. Furthermore, make sure that any online shopping you do is through safe and protected websites. At the bare minimum, a website should have a SSL certificate on the site. It allows for a secure connection from the website’s server with your browser. DO NOT enter personal or financial information on sites that do not have a SSL certificate. A website with this protection will have a padlock like this next to it’s domain address:

Review your bills and accountinformation regularly. Doing this will help you catch any unauthorized use of your accounts early, and therefore be able toaddress it beforeit becomes a larger problem.

Finally, freezing your creditwill help stop fraudulent activity. A credit freeze controls access to yourcredit by requiring a special password. Even if someone has your personalinformation, they will not be able to open new accounts under your name unlessthey have this password.

Only you can freeze or unfreezeyour credit — and you must unfreeze it before opening any new accounts. Youmust contact all three credit bureaus individually in order to freeze orunfreeze your credit.

What If You’re a Victim?

Having your identity stolen canderail your life in a big way …

If you have reviewed your creditreport, given personal information to a phisher, or have unauthorized chargesto your account, then you may have reason to believe that your identity hasbeen stolen.

Luckily there are steps you can take to address your stolen identity and get your life back. Below, you’ll find the steps from www.identitytheft.gov:

  1. Contact the companies through which the fraud occurred and report the fraud. Ask them to freeze your accounts or open new accounts, if needed. Remember to change all of your log-in information with these companies.
  2. Contact one of the credit bureaus and pace a fraud alert. If you tell one company, the other two will be notified:
    1. Experian – 888-397-3742 or www.experian.com     
    2. TransUnion – 888-909-8872 or www.transunion.com         
    3. Equifax – 800-685-1111 or www.equifax.com   
  3. Contact the Federal Trade Commission and report the fraud at 877-438-4338 or fill out the form here. When filling out the form, be sure to be as detailed as possible.
  4. Close the accounts that were fraudulently opened under your name. According to identitytheft.gov, you should make sure the business knows that you were a victim of identity theft and ask them to send you a letter that states that “the fraudulent account isn’t yours, you aren’t liable for it, and that it was removed from your credit report.”
  5. Ask that all fraudulent charges toyour accounts be removed.

Visit www.identitytheft.com/steps for more information on how toregain your identity.

If the recent Capital One data breach has you concerned about your own personal safety online, please note that our HelpCloud membership includes — through our EZShield partnership — identify protection and restoration services.

Your Personal IT Team, Anytime, Anywhere!

24/7 Support

Explore Services

Get 24/7 Peace of Mind With Remote Tech support

We’ll help you with any question, concern or issue.

Get Specialist Assistance

About the author

Photo of Erik Fullmer

Erik Fullmer

Erik was raised in many places but has long since called Utah home. Rooted in mountains, he spends a lot of time with his dogs in the mountains and in the winter he skis… a lot.

Erik is actively earning the necessary certifications and training to become a certified AMGA Ski Guide.

With over a decade of content writing experience, Erik finds passion when writing for the tech and outdoor recreation industries.