A data breach of Capital One, the nation’s seventh-largest bank by assets, compromised the personal information of approximately 100 million U.S. consumers and 6 million consumers in Canada, the bank announced Monday.
The breach affected the information of two groups of people:
Those who applied for Capital One credit cards between 2005 and 2019. The compromised information included names, dates of birth, addresses, email addresses and phone numbers.
Existing credit card and secured credit card holders. Data stolen included 140,000 Social Security numbers, 80,000 bank account numbers and information about consumers’ credit scores, credit limits, balances, payment history and transactions. In Canada, 1 million Social Insurance Numbers were compromised.
Capital One said it would provide free credit monitoring and identity protection services to those affected.
The incident arrives just after a settlement of the massive 2017 Equifax data breach, which exposed the personal information of nearly 148 million U.S. consumers, more than half the adults in the U.S.
Consumers can take steps if they fear their financial data has been compromised or to proactively guard their credit:
1. For best protection, freeze your credit. A credit freeze makes it unlikely your stolen financial information can be used to open new accounts in your name. Most creditors check your credit history as part of the application process — with a freeze in place, they can’t access your credit history and will decline to open a new account.
Freezing your credit doesn’t affect your score. And when you want to open up a new credit line, you can simply “thaw” your credit temporarily.
Freezing and unfreezing your credit at each of the three credit bureaus — Equifax, Experian and TransUnion — is free to all consumers.
2. Place a fraud alert if you can’t freeze right now. If you don’t want to lock out creditors — perhaps you’re in the middle of applying for a mortgage or car loan — you can instead add a fraud alert to your credit reports. This type of alert flags potential creditors that they should verify your identity before issuing new credit in your name. A fraud alert lasts for a year and is renewable. You need to contact only one of the three bureaus and ask for the alert; it will notify the others. For best protection, remember to freeze your credit at all three bureaus once you’re done with your applications.
3. Check all 3 credit reports. You’re entitled to at least one free credit report from each credit bureau every 12 months via AnnualCreditReport.com. If you’ve already accessed them within that time frame, you get another round of free reports once you’ve placed a fraud alert. In addition, the Equifax breach settlement will provide all U.S. consumers six extra free credit reports a year for seven years, starting in 2020. Check over your reports for signs of trouble, especially:
- New accounts that you didn’t open.
- Credit inquiries that don’t match when you applied for credit.
- Balances that don’t match your statements.
4. Watch your credit card activity. Freezing can stop new accounts from being opened in your name — but it can’t prevent fraudulent charges on an existing account. Protect yourself in these ways:
- Even if you think your data wasn’t affected by this breach, stay on top of your credit card statements. Look for charges you don’t recognize and if something seems fishy, dig into it. There’s often a phone number listed along with the merchant name for each transaction.
- Sign up for text or email alerts about credit transactions. Many credit card issuers let you set them for every charge, or just ones above a certain dollar amount.
- If you see a suspicious charge, call your issuer right away to dispute it. Most often, your liability is limited to only $50 and perhaps less.