Capital One Breach Exposes Data of Over 100 Million Credit Card Customers and Applicants
|On the heels of the Equifax Settlement, we have an announcement by Capital One that the personal information of roughly 100 million Capital One credit card customers and applicants has been hacked.
One hundred million are U.S. applicants while another 6 million are from Canada – all have had their personal information exposed as a result of this data hack.
The information that has been stolen includes; names, addresses, ZIP codes, phone numbers, email addresses, dates of birth and self-reported income numbers of consumers and small businesses who applied for a Capital One credit card between 2005 and 2019.
For a select number, even more crucial information was obtained.
Approximately 140,000 Social Security numbers were part of the stolen data. The Social Security numbers, at least as it is being reported now, were associated with small business credit card applicants using their SSNs instead of Employer Identification Numbers (EIN) to apply for the business credit cards.
Additionally, 80,000 linked bank account numbers were also exposed. It appears the linked bank account numbers were of secured credit card customers, individuals who required a cash backing to obtain credit.
Hacker in Custody
In an unusual twist, the individual who hacked the information is in custody.
Normally, hackers are able to remain anonymous, stealing the information and distributing it over the dark web without being caught.
This individual might have been able to do the same, except for the fact that she decided to brag about what she did, as well as post some of the stolen data on Github, a software development platform.
Interestingly, and somewhat disturbingly, it was an individual on the Github platform that emailed Capital One on July 17, 2019, to let them know some of their data was publicly available on Github.
The hacker had first accessed the Capital One server, obtaining some data, on March 22, 2019. Subsequent hacks over the next month allowed her to gain access to the remaining data.
Bottom line, Capital One wasn’t even aware the data of over 100 million people had been hacked until a “good samaritan” let them know almost 3 months after the data was stolen.
And this is a bank!
As I’ve said in other pieces dealing with data breaches, your information has been stolen. It’s only a question of whether nefarious actors have randomly chosen your data to use in criminal ways.
The only good aspect to this data breach is that it is unclear exactly what, and how much, data she publicly provided on the Github platform.
If she was apprehended prior to making public all she had stolen, the potential criminal activity associated with the breached data may be limited.
As with any of these hacks, only time will tell.
Protect Yourself
Unfortunately, there really are few ways to protect yourself from these data hacks and the potential criminal activity that may result when your personal information falls into the wrong hands.
Regularly monitoring your credit cards/financial accounts, as well as checking your credit report at least once a year – you can access your report for free from each of the three reporting agencies once per year – are your best bets for detecting unusual activity.
And freezing your credit with each of the three credit reporting agencies – Equifax, Experian and TransUnion – is the best way to keep criminals from opening credit in your name. Legislation was passed by Congress late last year to make the freezing process simple and free.
Take these steps, and you’ll be protecting yourself as best you can.
And keep in mind, your personal information is already available to those with criminal intentions as a result of the numerous hacks both past, present, and to come. The only question is will your data be next on the bad guy’s “use” list?
hacker image courtesy of hyena reality at FreeDigitalPhotos.net