Capital One data breach – what you need to know

This week, credit company Capital One announced that they suffered a large scale data breach that saw over 100 million customers have their personal information exposed.

Here are the facts, what you need to know and what you need to do.

What happened?

A software engineer who has since been arrested managed to exploit a (yet undisclosed to the public) security vulnerability in March 2019 to steal a large amount of Capital One customer information. This came to light after a security expert alerted Capital One to the vulnerability on July 17th 2019.

Over 100 million users in the USA and 6 million in Canada have had their personal information exposed. This information includes personal data such as name, contact information, income and date of birth, as well as credit information such as credit limits and scores. Around 140,000 US Social Security numbers were also exposed and around 1 million Social Insurance Numbers for Canadian users.

No credit card numbers or login information was compromised.


Sponsored Content. Continued below...




Capital One have said that they will contact all affected customers and provide them with free credit monitoring tools. However Capital One has also said that the risk of the compromised information being used to commit identity fraud is low since the perpetrator has been apprehended already.

What do I need to do?

If you’re a Capital One customer, it would be extremely prudent to keep a close eye on any and all credit reports for the foreseeable future, and report any suspicious activity to Capital One, the authorities and to the credit agency. Make use of credit reporting tools if you have not been provided one for free which can alert you to certain types of activities related to your credit.

If you have been alerted by Capital One that your information was exposed, consider freezing your credit report. This prevents anyone – including lenders – from accessing your credit information, meaning lenders will not provide credit in your name if someone is trying to commit identity fraud. Be aware, however, that when you need someone to access your credit information – for example when applying for a loan – you need to unfreeze your credit report and allow sufficient time for this to process.


Sponsored Content. Continued below...




As far as data breaches go, this one is rather big. However Capital One has been keen to stress that because the authorities caught the alleged perpetrator early, the chances of someone having their stolen information used to commit fraud remain quite low.

However, it is still possible and since large amounts of personal information were also compromised, you should also be on the lookout for suspicious unsolicited emails, messages or phone calls which may use your stolen information to make them appear more convincing. This is known as a targeted attack, since the scammers are using information such as your name, date of birth and address to make their scam more believable.

If in doubt, never respond. You can always contact the bank, credit agency or Capital One directly using the contact information on their official websites.