Header Ads

Breaking News

Here’s What You Need to Know About the Capital One Breach

It’s become a drearily familiar story: A data breach at a major company exposes troves of sensitive information, putting millions of people at risk of online fraud.

Last year, it was Marriott. The year before, Equifax.

This time, it’s Capital One, which said on Monday that a hacker had compromised the personal information of more than 100 million people, in one of the largest-ever thefts of data from a bank. For the vast majority of those consumers, the breach likely exposed details like names and addresses rather than Social Security and bank account numbers.

The bank said it was “unlikely that the information was used for fraud or disseminated by this individual,” and no credit card numbers or passwords were exposed.

But the news of the hack — which came just a week after Equifax reached a $650 million consumer settlement stemming from the 2017 breach — highlights the importance of digital security at a time when major leaks of consumer information are a fact of life.

Here’s what we know so far about the hack:

The suspect, identified in court documents as a 33-year-old software engineer named Paige Thompson, is accused of stealing 140,000 Social Security numbers and 80,000 bank account numbers, as well as one million “social insurance” numbers, which are the Canadian equivalent of Social Security numbers.

The information came from credit card applications that consumers and small businesses had submitted between 2005 and 2019, according to Capital One. The bank said the account numbers were linked to “secured” credit cards, which tend to be held by consumers with bad credit who are financially vulnerable.

Capital One says it will “notify affected individuals through a variety of channels.” It’s unclear precisely what that means (so keep an eye on your email), but the bank has promised to make free credit monitoring and identity protection available to anyone affected by the breach.

Capital One has issued guidelines urging consumers to monitor their credit card accounts for suspicious activity and forward suspected phishing emails to abuse@capitalone.com.

Beyond those initial steps, the response to a major data breach generally follows a set playbook: After the Equifax breach, The New York Times’s Tim Herrera wrote a four-part guide to protecting sensitive information online. Here are the precautions he recommends:

Set up fraud alerts. The three major credit reporting agencies — Equifax, Experian and TransUnion — will alert you if someone tries to apply for credit in your name.

Consider credit freezes. A credit freeze locks your credit files so that only companies you already do business with have access to them.

Check your credit report. All Americans get one free credit report a year from all three major reporting agencies. Closely analyzing those reports can help you spot any suspicious activity.

Credit monitoring. Capital One has promised free credit monitoring to consumers affected by the breach. You should probably take them up on that.

Emily Flitter and Karen Weise contributed to this article.

(We’ll update this story as we learn more about what you can do to find out if you were hacked, and how to claim credit monitoring.)

Source link

No comments