In the wake of one of the biggest data breaches ever, here’s how to keep your money and information safe.
Capital One released a statement on Monday, July 29, confirming that a hacker—who has since been identified and arrested by the FBI—gained unauthorized access to credit card data from over 100 million American customers (and 6 million more in Canada) who applied for Capital One credit cards between 2005 and 2019.
According to Capital One, the data breach occurred on March 22 and 23 of this year and also compromised 140,000 U.S. social security numbers and 80,000 bank account numbers, making it one of the largest data breaches ever.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," said Richard D. Fairbank, Capital One chairman and CEO.
“Whenever personal information is stolen, it can put consumers at risk of identity theft," says Sara Rathner, a travel and credit cards expert for NerdWallet. “That means other people can do things like withdraw money from your accounts, use your credit cards, and even open new bank accounts or credit cards under your name. This can drain your accounts and wreck your credit if you don’t catch this before the situation gets out of hand.”
Capital One has reassured customers of the unlikelihood that any hacked data was actually used for fraudulent purposes or shared with other parties, and that “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.” However, there is still a robust ongoing investigation.
How to Know If You’ve Been Impacted by the Breach
Capital One is personally notifying anyone affected and offering free credit monitoring and identity protection to customers affected by the breach.
How Worried Should You Be?
“Thankfully, the hacker in this case was caught and Capital One is taking steps to help protect people who were affected,” Rathner says. “But all consumers should keep an eye on their bank account and credit card statements, as well as their credit reports, because businesses and banks have been hacked before and it’s guaranteed to happen again.”
What to Do If You Think You’ve Been Affected by This, or Any, Data Breach
“Check the last few statements for your bank accounts and credit cards,” Rathner says. “If you see any suspicious activity, notify your bank or credit card issuer immediately. Get your credit reports from annualcreditreport.com and check them for any errors or accounts in your name you didn’t open yourself.” (You’re entitled to one free credit report each year from each of the three major credit bureaus.)
“The number one thing consumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian, and TransUnion,” says Ted Rossman, industry analyst at CreditCards.com. “It’s free, quick and easy: You can do it online or over the phone. This is the best way to prevent a criminal from opening an unauthorized account in your name.”
How to Protect Your Money, Credit, and Personal Info From Future Fraud and Theft
Whether or not you’re one of the millions of Capital One customers affected by the recent data breach, you need to stay vigilant and keep your assets as safe as possible. “Most people will experience some kind of security breach at some point in their lives,” Rathner says. “Unfortunately, when it comes to financial fraud, it’s not a matter of if, but when.” Here are the best ways to fortify against future issues.
1. Regularly check your bank and credit card statements for fraudulent charges or withdrawals. If you can, set up alerts on your bank account or credit card to be notified of any suspicious activity.
2. Periodically check your credit reports.
3. Keep crucial personal belongings and documents secure. “Never carry your Social Security card in your wallet, and store any credit cards you don’t use on a regular basis in a safe place,” Rathner says. “When out and about, keep your wallet and cellphone safe— if you keep your wallet and phone in your pocket, put them in your front pockets. If you wear a purse, choose one with a top that zips shut; and don’t hang purses on the back of your chair at restaurants.”
4. Use a variety of strong, secure passwords, since reusing passwords is a huge security vulnerability. “Use a password aggregator such as LastPass to ensure strong, unique passwords for all of your log-ins,” Rossman says.