It has become a drearily familiar story: A data breach at a major company exposes troves of sensitive information, putting millions of people at risk of online fraud.
Last year, it was Marriott. The year before, Equifax.
This time, it’s Capital One, which said on Monday that a hacker had compromised the personal information of more than 100 million people, in one of the largest-ever thefts of data from a bank. For the vast majority of those consumers, the breach appears to have exposed only relatively inconsequential details like names and addresses, rather than Social Security and bank account numbers.
“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
No bank account numbers or Social Security numbers were compromised, other than:
- About 140,000 Social Security numbers of our credit card customers
- About 80,000 linked bank account numbers of our secured credit card customers
For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.”
Capital One will be notifying each user who was affected by email and will be providing free credit monitoring service.
Due to the amount of personal information that was exposed and how it can be used for identity theft, it is strongly advised that users monitor their credit reports for suspicious activity and immediately report anything detected to both the police, Capital One, and the credit agencies.