On Monday, news broke that Capital One had suffered a security breach on April 21st exposing credit card or credit card application data to an unauthorized individual. The news comes on the heels of other recent big data breaches such as the Marriott breach and Equifax’s 2017 breach.
So, what happened at Capital One, and how does it affect you? What should you do if your information has been compromised, and what should you do to protect yourself from future security threats?
What Happened at Capital One?
Capital One disclosed that approximately 106 million people are affected by this incident. Most of the stolen information is credit application data for consumers and small businesses. Those applications typically include names, addresses, phone numbers, dates of birth, and self-reported income. In addition, some sensitive data was also compromised, including 140,000 Social Security numbers, 80,000 linked bank account details, and 1 million Canadian Social Insurance Numbers. Capital One has published its disclosures and analysis online.
While it’s definitely no fun to have your credit card information stolen, if you are vigilant about monitoring charges and diligent about reporting ones that seem fishy, credit card companies like Capital One will usually absorb the cost. The real danger comes from other personal information, like Social Security numbers or bank account details, getting compromised.
What Should I Do If I Think I Have Been Affected by The Capital One Breach?
Whether or not you were impacted, the grim reality is that in this day and age, we should all assume that we’ve had our data compromised at some point, whether in this breach or one of the many others.
Here are some identity self-defense steps we recommend for people who fear that their personal information might be in the hands of hackers:
- Credit Report Monitoring – Use a credit monitoring service to check that new accounts are not being opened in your name (we like Credit Karma* – and it’s free!). Report any unusual activity as promptly as possible. You are also entitled to a free copy of your credit report yearly, so take advantage of it!
- Phishing Scams – Be on the lookout for any phishing activity like emails, calls, or texts related to this breach. Capital One should not contact you asking for your credit card number or other personal information, so make sure you report any suspicious communication. If you need to get in touch with Capital One (or any financial institution), use the phone number on your credit card, your statement, or their website.
- Bank Account Fraud – If your bank account details have been compromised, it’s important to monitor the account for any unauthorized money transfers. You may lose your ability to challenge a suspicious transaction, so review transactions regularly. We happen to think Personal Capital’s App is pretty useful for this!
How Should I Protect Myself From Identity Theft?
This isn’t the first time a hacker has gained access to people’s personal information through a major institution, and it won’t be the last. Again, it’s generally best to assume your data has been compromised in some way given the rampant nature of digital fraud — so these tips are worth considering even if you don’t think you’ve been affected by a recent breach:
- You have the option to freeze your credit file. This is one of the most effective options for preventing identity theft since it will prevent anyone from opening new accounts in your name (including yourself). If you need to open new credit accounts for your own benefit, you would need to unfreeze and refreeze your accounts. In some cases, unfreezing may take some time, so plan ahead if you go this route. Since last September, this has been free to do.
- Be smart about your passwords. It’s always great to come up with unique, complicated and hard-to-guess passwords, but let’s be real; remembering dozens of passwords just isn’t going to work. What’s even better is using a password manager tool (1Password and LastPass have good reviews). Then, secure your password manager with a long passphrase that you will not forget. “Matt likes to dance in the rain” is better than “[email protected]%”
- Use Multi-Factor Authentication (MFA). MFA is a login technology that adds another layer of security on top of your password. Examples of MFA you may have seen are SMS codes or mobile apps that generate unique codes. Your primary email is extremely sensitive, as it can be used to hack into many of your accounts via “Forgot my Password” features. If you enable MFA on only one account, make it your primary email.
- Plant your flag online. Make sure you have claimed and created passwords for at least the following services: Internal Revenue Service, Social Security Administration, the U.S. Postal Service, and your primary bank. Registration is usually easy if a fraudster has your PII, but if you’ve already created the account, they are blocked from doing so.
Does the Capital One Breach Affect my Personal Capital Account?
This breach does not affect Personal Capital in any direct way. Your Personal Capital account can be protected by MFA, and Personal Capital does not store any of your bank account numbers or passwords.
Whether you are a user of our free tools or a client of our wealth management services, security is a major priority for us. We take protecting your security and privacy very seriously. To learn more about the security measures we take to protect you, see our Security Page. Our security team can also speak directly to clients who have specific concerns.
The content contained in this blog post is intended for general informational purposes only and is not meant to constitute legal, tax, accounting or investment advice. You should consult a qualified legal or tax professional regarding your specific situation. No part of this blog, nor the links contained therein is a solicitation or offer to sell securities. Third party data is obtained from sources believed to be reliable; however, Personal Capital Corporation (“Personal Capital”) cannot guarantee the accuracy, timeliness, completeness or fitness of this data for any particular purpose. *Third party links are provided solely as a convenience and do not imply an affiliation, endorsement or approval by Personal Capital of the contents on such third-party websites.