Capital One was hacked in a bizarre incident affecting about 106 million credit card applicants and customers. The good news is that police say they have apprehended the suspect. However, the bad news is that some Social Security Numbers in the U.S. and Social Insurance Numbers in Canada were exposed in the Capital One data breach.
Capital One was hacked on July 19. The firm is informing credit card customers about the data breach via its website. According to that information, the company immediately fixed the problem and started working with law enforcement, who apprehended the individual believed to be responsible. Officials do not believe the customer information that was exposed has been used for fraud or disseminated. However, the investigation into the Capital One data breach continues.
The information that was exposed when Capital One was hacked includes personal data on credit card customers and those who applied for a Capital One credit card. The firm estimates that about 100 million U.S. residents and 6 million Canadian residents were impacted by the breach. The hacker did not get credit card numbers or log-in information, although some Social Security Numbers and Social Insurance numbers were accessed.
Most of the information that was stolen in the Capital One hack was on consumers and small businesses at the time they applied for a credit card between 2005 and early 2019. The data includes basic information collected on applications such as names, addresses, phone numbers, email addresses, birthdates and self-reported income levels.
In addition to application information, the hacker also got some data on Capital One’s credit card customers and applicants, including their credit scores, credit limits, payment history, card balances and contact information. The firm said the hacker also got “fragments of transaction data” covering 23 days in 2016, 2017 and 2018. The Capital One data breach exposed approximately 140,000 Social Security Numbers of card customers, 80,000 linked bank account numbers. The hack also exposed 1 million Social Insurance Numbers belonging to Canadians.
Unfortunately, the firm has not made it easy for customers to see if their data was exposed. However, it will directly contact those whose Social Security Numbers, linked bank account numbers or Social Insurance Numbers were stolen. The bank said it will send mail to affected customers. It will not call or email customers, which is important to know because scammers and phishers may trying to take advantage of this data breach.
Identity protection and free credit monitoring will be offered to those whose information was exposed in the Capital One hack. Customers may also call 1-800-227-4825 for more information. Customers are also advised to monitor their credit card and bank accounts for suspicious activity. If you believe you have been a victim of identity theft, you can report it to the Federal Trade Commission here. You can also contact Experian, Equifax and TransUnion to place a fraud alert on your credit report.
According to multiple news accounts, police arrested former Amazon employee Paige Thompson in connection with the Capital One hack. Fox reports that she was arrested “after leaving an extensive digital footprint of her alleged crime on the internet.” Police say she even boasted about it in online posts. Thompson has been charged with computer fraud and abuse.
According to prosecutors, she knew she might get caught soon. More than six weeks before she was arrested on Monday, she talked about the alleged hack with friends via online chats and in a group she created on Slack.
The Capital One hack is just the latest in a long line of concerning data breaches, including a breach of Equifax, which reached a settlement with regulators recently.