Fact Checked

Capital One data breach: What to do if you’re worried

Stressed businesswoman looks at cell phone, worried about Captial One breach.Image: Stressed businesswoman looks at cell phone, worried about Captial One breach.
Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

More than 100 million Capital One credit card applicants and customers had their personal data exposed in a recent hack, according to a statement from the company earlier this week.

In addition to credit scores, credit limits and payment histories, the breach compromised about 140,000 Social Security numbers and 80,000 bank account numbers. Read on to learn more about this breach and what to do if you’re worried about your online data security.

Who did this breach affect?

The exposed data involved approximately 100 million American customers and 6 million Canadian customers, with the largest amount of compromised info linked to consumers and small businesses who applied for Capital One credit card accounts between 2005 and 2019, according to Capital One.

Whether you currently have a Capital One card or not, you might have been affected if you applied for a Capital One card during that time. The bank said the compromised bank account numbers were linked to secured card customers, and the compromised Social Security numbers were from credit card customers.

What kind of information was exposed?

Exposed data included typical credit card application data like names, addresses, zip codes, phone numbers, email addresses, birth dates and self-reported income. About 140,000 Social Security numbers from credit card customers, 1 million Social Insurance numbers from Canadian credit card customers and 80,000 bank account numbers linked to secured cards were also exposed. Consumer credit data like credit scores, credit limits, payment history and account balances were also compromised.

How did this breach happen?

The hacker was able to access the customer files through a misconfiguration in the firewall of a web-based application, The New York Times reported. The FBI has arrested the person accused of accessing Capital One’s servers.

What is Capital One doing about it?

Capital One says it took immediate action to fix the security issue when it learned of the breach on July 19, and the investigation is still ongoing. The bank said it will notify American customers whose Social Security numbers or bank account numbers were accessed and Canadian customers affected. In the meantime, the company has pledged to offer free credit monitoring services to anyone impacted by the breach.


What to do if you’re worried about your data security online

While there’s nothing you can do about a breach like this one involving Capital One, there are some steps you can take to generally reduce your risk online. Capital One recommends being on the lookout for phishing emails due to this incident. In addition …

  1. Monitor your credit reports and keep a credit freeze in mind. You can get free credit monitoring if you’re a Credit Karma member. We’ll notify you if we see important changes on your Equifax or TransUnion credit reports so that you can check for suspicious activity. You can also ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze or lock your credit reports at any time.
  2. Keep your passwords secure. It can be tempting to use the same password across multiple sites or to use simple passwords like your name or birthday — but that’s not the best way to keep your information secure. A password made up of multiple short words or phrases might be tougher for hackers to crack. You might consider using a password manager to help keep track of all your passwords.
  3. Add multifactor authentication. For an added layer of protection, think about putting two-factor authentication in place for any site or account that offers it. This will require you to first log in with your password, then confirm your identity by entering a code often sent to you via email or text.

About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer an… Read more.