What Happened?
Capital One, a major credit card issuer headquartered in Virginia has disclosed a data security breach that affected around 100 million individuals in the US and around 6 million in Canada.
The perpetrator sought information relating to individuals who had applied for credit card products between 2005 and 2019, potentially accessing names, addresses, email addresses, phone numbers, dates of birth and self-reported income, as well as 140,000 social security numbers and 80,000 bank account numbers in the US and million social insurance numbers of Canadians. Capital One claims the hacker did not gain access to credit card account numbers, and Capital One
believes it has fully remediated the vulnerability that lead to the breach.
What You Can Do To Protect Yourself
If you believe your personal information may be at risk as a result of this incident, you can take some steps to protect yourself. Here are some suggestions:
1. Check your Capital One account online for unauthorized charges. Log in to your account (from a secure connection and trusted device, as always) and search your recent transaction history for any unfamiliar transactions. If you see any unauthorized charges,
follow Capital One's process to dispute the validity of those charges immediately.
2. Change your password for your online Capital One account. It's a good idea to periodically change your passwords anyway. Do not re-use a password that you have used (anywhere) before. Ensure your password is long and complex. (
Here's what NIST has to say about password length and complexity).
3. Check your credit, if you haven't done so recently. You're entitled to one
free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Order your reports online from
annualcreditreport.com, the only authorized website for free credit reports, or call 1-877-322-8228. You will need to provide your name, address, social security number, and date of birth to verify your identity. Review the reports to ensure they show only accurate, legitimate lines of open credit (e.g., your mortgage, credit card, etc.).
4. Consider a credit freeze. Placing a security freeze on your credit reports can prevent an identity thief from opening a new account or getting credit in your name. State laws, including North Carolina's state law, allows residents to set up and manage security freezes free of charge, and beginning in September of last year,
federal law gives all Americans similar rights. To implement a security freeze, you will need to contact each of the three credit bureaus online:
- Equifax
- Experian
- Transunion
Be prepared to provide authenticating information, such as:
- Your Full Name
- Your Address
- Your Date of Birth
- Your Social Security Number
When you put a security freeze in place, the credit bureau will send you confirmation of the freeze along with information on how to remove the freeze, which may include a PIN (Personal Identification Number) or password. The information should be sent to you no later than five business days after placing the freeze. Don't lose your PIN/password! If you want to apply for a new line of credit, you can request that a freeze be lifted for a specified period of time or removed by making the request to the credit bureaus and providing proper identification. The credit bureaus must lift or remove a freeze within one hour if you request by telephone or online.
5. Take advantage of the free credit monitoring and identity protection services that Capital One will soon be offering. (Details to follow soon, we assume. Check Capital One's website.)
Take care of yourselves, and good luck!