Fact Checked

Capital One data breach: What to do if you’re worried

Stressed businesswoman looks at cell phone, worried about Captial One breach.Image: Stressed businesswoman looks at cell phone, worried about Captial One breach.
Editorial Note: Intuit Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. Information about financial products not offered on Credit Karma is collected independently. Our content is accurate to the best of our knowledge when posted.

More than 100 million Capital One credit card applicants and customers had their personal data exposed in a recent hack, according to a statement from the company earlier this week.

In addition to credit scores, credit limits and payment histories, the breach compromised about 140,000 Social Security numbers and 80,000 bank account numbers. Read on to learn more about this breach and what to do if you’re worried about your online data security.

Who did this breach affect?

The exposed data involved approximately 100 million American customers and 6 million Canadian customers, with the largest amount of compromised info linked to consumers and small businesses who applied for Capital One credit card accounts between 2005 and 2019, according to Capital One.

Whether you currently have a Capital One card or not, you might have been affected if you applied for a Capital One card during that time. The bank said the compromised bank account numbers were linked to secured card customers, and the compromised Social Security numbers were from credit card customers.

What kind of information was exposed?

Exposed data included typical credit card application data like names, addresses, zip codes, phone numbers, email addresses, birth dates and self-reported income. About 140,000 Social Security numbers from credit card customers, 1 million Social Insurance numbers from Canadian credit card customers and 80,000 bank account numbers linked to secured cards were also exposed. Consumer credit data like credit scores, credit limits, payment history and account balances were also compromised.

How did this breach happen?

The hacker was able to access the customer files through a misconfiguration in the firewall of a web-based application, The New York Times reported. The FBI has arrested the person accused of accessing Capital One’s servers.

What is Capital One doing about it?

Capital One says it took immediate action to fix the security issue when it learned of the breach on July 19, and the investigation is still ongoing. The bank said it will notify American customers whose Social Security numbers or bank account numbers were accessed and Canadian customers affected. In the meantime, the company has pledged to offer free credit monitoring services to anyone impacted by the breach.


What to do if you’re worried about your data security online

While there’s nothing you can do about a breach like this one involving Capital One, there are some steps you can take to generally reduce your risk online. Capital One recommends being on the lookout for phishing emails due to this incident. In addition …

  1. Monitor your credit reports and keep a credit freeze in mind. You can get free credit monitoring if you’re a Credit Karma member. We’ll notify you if we see important changes on your Equifax or TransUnion credit reports so that you can check for suspicious activity. You can also ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze or lock your credit reports at any time.
  2. Keep your passwords secure. It can be tempting to use the same password across multiple sites or to use simple passwords like your name or birthday — but that’s not the best way to keep your information secure. A password made up of multiple short words or phrases might be tougher for hackers to crack. You might consider using a password manager to help keep track of all your passwords.
  3. Add multifactor authentication. For an added layer of protection, think about putting two-factor authentication in place for any site or account that offers it. This will require you to first log in with your password, then confirm your identity by entering a code often sent to you via email or text.

About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer and editor and holds a bachelor’s… Read more.