Here’s What Consumers Need to Know
It has become a drearily familiar story: A data breach at a major company exposes troves of sensitive information, putting millions of people at risk of online fraud.
Last year, it was Marriott. The year before, Equifax.
This time, it’s Capital One, which said Monday that a hacker had compromised the personal information of more than 100 million people, in one of the largest ever thefts of data from a bank. For the vast majority of those consumers, the breach appears to have exposed only relatively inconsequential details like names and addresses rather than Social Security and bank account numbers.
The bank said it was “unlikely that the information was used for fraud or disseminated by this individual,” and no credit card numbers or passwords were exposed.
But the news of the theft — just a week after Equifax reached a $650 million consumer settlement stemming from the 2017 breach — highlights the importance of digital security at a time when major leaks of consumer information are a fact of life.
Who was affected?
The suspect, identified in court documents as a 33-year-old software engineer, Paige Thompson, is accused of stealing 140,000 Social Security numbers and 80,000 bank account numbers as well as 1 million “social insurance” numbers, which are the Canadian equivalent of Social Security numbers.
The information came from credit card applications that consumers and small businesses had submitted from 2005 to 2019, according to Capital One. The bank said the account numbers were linked to “secured” credit cards, which tend to be held by consumers with bad credit who are financially vulnerable.
Capital One says it will “notify affected individuals through a variety of channels.” The bank did not respond to an email seeking more information on that process, but Capital One has promised to make free credit monitoring and identity protection available to anyone affected by the breach.
What can consumers do to protect their data?
Capital One has issued guidelines urging consumers to monitor their credit card accounts for suspicious activity and forward phishing emails to abuse@capitalone.com.
Beyond those initial steps, the response to a major data breach generally follows a basic playbook: After the Equifax breach, The New York Times’ Tim Herrera wrote a four-part guide to protecting sensitive information online. Here are the precautions he recommends:
— Set up fraud alerts. The three major credit reporting agencies — Equifax, Experian and TransUnion — will alert you if someone tries to apply for credit in your name.
— Consider credit freezes. A credit freeze locks your credit files so that only companies you already do business with have access to them.
— Check your credit report. All Americans get one free credit report a year from all three major reporting agencies. Closely analyzing those reports can help you spot any suspicious activity.
— Consider credit monitoring. Capital One has promised free credit monitoring to consumers affected by the breach. You should probably take them up on that.
