Capital One Data Breach 2019

by | Jul 30, 2019 | cyber | 0 comments

Facts About the Capital One Hack

Multiple news outlets are reporting that a 33-year old hacker from Seattle was able to access a Capital One serves and compromise over 100 million user accounts and applications.

Capital One states that no credit card numbers or log-in information was obtained. Here is what we know was compromised:

  • 140,00 Social Security Numbers
  • 1,000,000 Canadian Social Insurance Numbers
  • 80,000 bank account numbers

The U.S. Justice Department confirmed that the incident occurred between March 22 and March 23, 2019 and that the hacker was arrested this Monday July 29, 2019.

Capital One Logo Source: Capital One, via Twitter

PROTECT YOURSELF

Learn More About Data Privacy & Security in privateRISK‘s comprehensive guide.

Cyber Risk Guide

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
— Richard D. Fairbank, Chairman and CEO Capital One

How Big Is This Breach

This breach is large in scale but appears to be contained as the hacker did not yet distribute the information she gathered.

Has the Breach Been Fixed

Capital One has since patched the security vulnerability which lied with a misconfigured firewall application.

How Do I Know If I Am Impacted

 Capital One will contact everyone affected and provide the customary monitoring services.

 

How Has Capital One Responded to the Breach

Capital One has issued a formal statement and a list of facts about the breach at their website: https://www.capitalone.com/facts2019. Here is an excerpt:

Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada. Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised. The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the individual also obtained portions of credit card customer data, including: Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018 No bank account numbers or Social Security numbers were compromised, other than: About 140,000 Social Security numbers of our credit card customers About 80,000 linked bank account numbers of our secured credit card customers For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.

What Should I Do After The Capital One Hack?

Here is a mini-guide to addressing the Capital One data breach:


  1. Capital One will notify affected individuals and provide complimentary credit monitoring and identity protection available to all affected.


  2. Monitor your accounts for unusual activity. Enroll in account text and/or email alerts to help keep track of it all.


  3. Call the number on the back of your credit card to report unusual activity.


  4. Be extra wary and look for phishing emails and calls in the wake of this breach.


  5. Report suspicious emails by forwarding them to the official Capital One security account, abuse@capitalone.com.


  6. Remember, Capital One will not ask for your credit card, account information or Social Security numbers over the phone or via email.


About the author

Bob

Bob

Strategist | Advisor | Thought Leader

Bob Raymond manages risk for many of the country’s preeminent families and family offices. He is an outside director, educator, and the founder of privateRISK.

[/db_pb_team_member]
privateRisk.org is a leading think tank for managing the personal risk, family governance, estate planning, and insurance strategies of family offices and enterprising individuals within the United States.

Be the first to KNOW

Get Breaking News, Trends, and Advice

privateRISK.org

[/db_pb_signup]

Submit a Comment