The Capital One Data Breach: What It Is, Who It Impacts, and What to Do About It

A photo of a brown wallet on a standing up on a desk with 3 credit cards in it.

On March 22 and 23, 2019, Capital One, a credit card and banking company, experienced a major security breach. Paige Thompson, a former Amazon software engineer, hacked Capital One and gained access to millions of individuals’ personal information. The security breach was detected on July 19. The criminal also allegedly hacked 30 other organizations.

It seems that our world today is full of hackers that are trying to steal our identities and use our credit. Identity theft is a terrifying prospect and, if it happens to you, it can be time-consuming and may ruin the credit score that you have worked so hard to build up.

Since we rely so heavily on the digital world, and there is no way to get around that, it’s nearly impossible to guarantee avoidance of having your identity stolen. So, what are the details of the Capital One security breach and what, exactly, can you do about it?

Read on to get the most important details, as well as the recommended courses of action …

If you want to protect yourself from these continuous hacks and breaches, you can package identity theft services with a HelpCloud Tech Support Membership. A month-to-month membership includes 24/7 unlimited tech support on all household devices, premium antivirus software, unlimited data backup, and identity theft protection and restoration services. All in one bundle.

An ad for HelpCloud tech support membership, call 1-800-774-2740 for details.

Who Does It Impact?

Capitol One Breach, Tips to Better Secure your Data

The security breach affects more than 106 million individuals who have, or have applied for, accounts with Capital One between 2005 and early 2019. This includes consumers, small businesses, and applicants. Which means that even if you didn’t get approved for a Capital One credit card, simply applying for one may still put you at risk.

The amount of information stolen is mind-boggling. Over 140,000 social security numbers were taken from Americans, as well as over 1 million Canadian social insurance numbers. Canadian residents can find more information on the Capital One website.

That’s on top of the nearly 80,000 bank accounts that were linked to the Capital One services, multitudes of names, addresses, phone numbers, birthdates, credit scores, and other private information.

The credit card company has stated that UK customers, auto finance customers, and commercial bank account customers were not affected by the hacker.

How Is Capital One Handling It?

According to the Capital One website; “Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual.”

However, the incident is still under investigation …

That being said, it doesn’t mean that you shouldn’t take steps to protect yourself. Just because the suspect hadn’t sold the information, doesn’t mean that it won’t, or hasn’t, gotten into the wrong hands. And it’s possible that the full story has not yet been disclosed.

Capital One has announced that they would be directly notifying the affected individuals via a letter in the mail the week of August 5, 2019. If you didn’t receive a letter in the mail, but you’re still worried that you were affected, you can contact Capital One directly with your concerns at 1-800-227-4825.

Additionally, Capital One is offering a free two-year membership with TransUnion for credit monitoring and identity protection. This free service works by monitoring your credit reports through the three credit reporting bureaus. If there is a change in your existing accounts, or if a new account is opened under your name, including loans, they will alert you.

In addition, you also get free access to your credit history so you can monitor your credit yourself. Using this service and checking your credit through this service does not damage your current credit rating.

What Actions Can You Take?

It’s important to be proactive if you believe you may be affected by a security breach such as this. The following sections will help guide you through what to do to ensure your personal information is kept safe:

1) Monitor Your Credit

Signing up for a credit monitoring service, like the free TransUnion service that Capital One is offering, is a wise idea because it helps take some of the work off your hands. While the credit monitoring service helps monitor your credit, you can also easily monitor your open accounts yourself this way.

Keep in mind that while these monitoring services will alert you to any changes or potentially fraudulent activity, they do not address the fraud, nor do they stop someone from opening an account or receiving a loan under your name.

If, for your own reasons, you would rather not use TransUnion, other credit monitoring agencies such as Identity Guard, LifeLock, or EZShield are available. You are also entitled to a free yearly credit report from one of the three major credit bureaus: TransUnion, Experian, or Equifax.

Review these reports closely. Look for inquiries from companies that you didn’t contact, accounts that you didn’t open, or charges that you didn’t authorize. You should also verify your information on the report to make sure it is correct.

Get your credit report at AnnualCreditReport.com.

We also recommend signing up for a HelpCloud membership, which will give you access to EZShield identity protection.

2) Beware of Phishing

Phishing is when you receive phone calls, emails, text messages, or other forms of contact from someone posing as a company or agency. They often request private information from you.

Essentially, these are scams.

Capital One is not contacting anyone by phone, text, or email regarding the security breach. If you are contacted by someone claiming to be from Capital One, do not give them any of your personal information.

Phishing calls and emails may be more common following the security breach.

So, what do you do if you think you’ve received a Phishing call or email? If you get a call asking for any kind of personal information, simply hang up the phone, call the number on the back of the credit card, and tell them what happened.

If you receive an email from Capital One, do not click any links in the email or respond in any way. Forward the email to abuse@capitalone.com, then delete the email.

If you suspect that you have been a victim of phishing, you gave out any personal information over the phone, or you responded/clicked a link in an email, please call Capital One and inform them that your information may be compromised.

Change the log-in information for your online account and monitor your account frequently. As previously noted, Capital One will not contact you via phone or email regarding this incident or to verify any account information.

3) Be Proactive

Whether it’s your Capital One account or other credit card or banking account, it’s always a good idea to take steps to protect your identity.

Do this by changing your passwords frequently and don’t use the same passwords for multiple accounts. Passwords should be complex. Weak passwords are easy for hackers to decipher. If you must write your passwords down to remember them, keep them safe and hidden, where no one else can access them.

Change Your Password on Capital One’s Website

Change your password by clicking the drop-down arrow in the upper right corner of your screen once you’re logged in to your Capital One account. Choose “Security” from the menu, then click on the little pencil shaped icon that is located on the right side of your screen.

Make Sure the Websites That You’re Using are Secure

Secure sites will have an “https” in the URL (the website address), or a lock symbol next to the web address. Do not access personal accounts when using public WiFi, because internet access at public establishments may not be secure. Furthermore, make sure that any online shopping you do is through safe and protected websites. At the bare minimum, a website should have a SSL certificate on the site. It allows for a secure connection from the website’s server with your browser. DO NOT enter personal or financial information on sites that do not have a SSL certificate. A website with this protection will have a padlock like this next to it’s domain address:

Review your bills and account information regularly. Doing this will help you catch any unauthorized use of your accounts early, and therefore be able to address it before it becomes a larger problem.

Finally, freezing your credit will help stop fraudulent activity. A credit freeze controls access to your credit by requiring a special password. Even if someone has your personal information, they will not be able to open new accounts under your name unless they have this password.

Only you can freeze or unfreeze your credit — and you must unfreeze it before opening any new accounts. You must contact all three credit bureaus individually in order to freeze or unfreeze your credit.

What If You’re a Victim?

Having your identity stolen can derail your life in a big way …

If you have reviewed your credit report, given personal information to a phisher, or have unauthorized charges to your account, then you may have reason to believe that your identity has been stolen.

Luckily there are steps you can take to address your stolen identity and get your life back. Below, you’ll find the steps from www.identitytheft.gov:

  1. Contact the companies through which the fraud occurred and report the fraud. Ask them to freeze your accounts or open new accounts, if needed. Remember to change all of your log-in information with these companies.
  2. Contact one of the credit bureaus and pace a fraud alert. If you tell one company, the other two will be notified:
    1. Experian – 888-397-3742 or www.experian.com     
    2. TransUnion – 888-909-8872 or www.transunion.com         
    3. Equifax – 800-685-1111 or www.equifax.com   
  3. Contact the Federal Trade Commission and report the fraud at 877-438-4338 or fill out the form here. When filling out the form, be sure to be as detailed as possible.
  4. Close the accounts that were fraudulently opened under your name. According to identitytheft.gov, you should make sure the business knows that you were a victim of identity theft and ask them to send you a letter that states that “the fraudulent account isn’t yours, you aren’t liable for it, and that it was removed from your credit report.”
  5. Ask that all fraudulent charges to your accounts be removed.

Visit www.identitytheft.com/steps for more information on how to regain your identity.

If the recent Capital One data breach has you concerned about your own personal safety online, please note that our HelpCloud membership includes — through our EZShield partnership — identify protection and restoration services.

An ad for HelpCloud tech support membership, call 1-800-774-2740 for details.
Erik Fullmer

Director of Marketing

Photo of Erik Fullmer

Erik was raised in many places in a military family but has long since called Utah home. He spends free time in his garden, in the mountains with his dog, and skis…a lot. He is actively earning the necessary certifications and training to become a certified winter mountain guide.

Erik graduated from Utah Valley University in 2011 with a bachelor's degree in Behavioral Science and a minor in Spanish. Additionally, being raised by a German mother, he spent a part of his childhood and also the beginning of his professional career in Germany where he worked as a Digital Strategist for adesta, a locally owned business in Darmstadt. Speaking three languages has opened up the world to him and influences the breadth of topics covered in his articles. He has always held an affinity for the world wide web and its workings, development, history and future.

Being a key player in the development of, and Director of Marketing for HelpCloud, he takes the content displayed and utilized on HelpCloud extremely seriously.