The Capital One Data Breach: What to do if Your Data was Compromised

Capital One was the target of a recent cyber hack that exposed sensitive information of over 100 million Americans and roughly 6 million Canadians. Consumers and even small businesses who applied for credit cards from 2005 to 2019 were affected, including applications that were rejected. What makes this data breach particularly bad is the type of information that was stolen, including dates of birth, addresses, and even hundreds of thousands of social security numbers and bank account numbers.

On Monday, the alleged hacker, Paige Thompson, was arrested with a hearing set for Thursday. But don’t let that be any consolation. She might not have been caught had she not boasted online about the breach.

Here’s how it happened:

Paige Thompson, a former Amazon Web Services employee, was able to find a vulnerability in Capital One’s systems and exploit it. This type of vulnerability, a misconfiguration in communications with the cloud, was known by security experts for years; they’ve warned us about it time and time again.  

Capital One Data Breach

This incident comes less than a week after Equifax paid one of the largest ever data breach settlements following their 2017 data breach. Though it seems like each day there’s a another data breach, that’s no reason to be any less phased when another one happens. Inaction in the face of a data breach can leave us ripe for identity theft, which is at an all-time high.

That isn’t to say that we should instead panic. Here’s what to do if your data was compromised in the Capital One hack.

Remain Vigilant

Capital One has stated that they will be contacting consumers affected by the breach, but until then, don’t stick your head in the sand. Immediately check your accounts for any unknown or suspicious activity, and be sure to continue to monitor your credit. Capital One will be offering free credit monitoring for those affected, but there are a number of services, both paid and free, that you can take advantage of now.

RELATED:  Protect Your Firm and Your Clients From Ransomware

Remember to be wary of scammers that will try to take advantage of this breach. Capital One will be sending letters to the consumers affected – not calling or emailing. Never give out your credit card information or social security number to someone on the phone or via email that might be posing as a representative from Capital One or as a government official.

Place a Fraud Alert

A fraud alert is a free service that can prevent someone from misusing your information and opening a credit card in your name. You don’t have to wait to become a victim to place a fraud alert on your credit. If you know your personal information has been exposed, this is a simple tool that should be utilized to ensure your identity will be verified by a business before a line of credit can be opened in your name. It’s as simple as contacting one of the three major credit bureaus. The alert is active for a year, and you can place a new one once the year is up.   

Freeze your credit

This is one of the most important, proactive measures you can take if your private information has been leaked. A credit freeze lets you restrict access to your credit, ultimately leaving the power in your hands. No, it doesn’t affect your credit score, and it doesn’t prevent you from opening a new account, applying for a job, renting an apartment, or buying insurance – you’d just have to temporarily lift the freeze. If you had to take away just one piece of advice from this article, it should be to freeze your credit to protect yourself in this era of data breaches.

RELATED:  Law Firms Are Targets For Hackers, Cybersecurity Experts Say

To place a freeze on your credit or to lift it, you must contact each of the three major credit bureaus. It’s important to note that you should still monitor your credit even if you have placed a freeze.

In a perfect world, there would be no data breaches and our personal information could forever remain private. But that’s sadly not the reality. That doesn’t mean we should let ‘data breach fatigue’ get the best of us; we should continue to monitor our accounts, practice good password hygiene, and remain up to date with the latest in cyber trends. We understand it’s no easy feat keeping up with the cyber world, but we can help. Sign up for our newsletter and never miss an update.

cyber security newsletter

Ben Kapon

Exciting News: Cybint joins ThriveDX - Read the announcement or visit the site!