Yet another data breach has exposed the private data of more than one hundred million people, leaving them vulnerable to fraud.
Credit card company Capital One went public on Monday with news that 106 million individuals had their data compromised, mostly from credit card applications between 2005 and early 2019. The stolen information includes names, dates of birth, addresses, phone numbers, email addresses, and self-reported income.
Credit card holders had additional information stolen, such as credit scores, credit limits, balances, payment history, contact information and some transaction data. Also stolen were about 140,000 Social Security numbers, 80,000 linked bank account numbers of secured credit card holders, as well as the Social Insurance Numbers of about one million Canadians.
It is the largest bank hack ever, said consumer watchdog group U.S. PIRG, and it comes just a week after credit reporting agency Equifax agreed to a settlement regarding its own security breach in 2017.
Capital One has said that it will notify customers affected by the hack, but it is unclear if it has begun to do so. Unlike Equifax, Capital One doesn’t have an online tool to let you check for yourself if your data was compromised.
There have been so many data breaches at so many different kinds of companies—including Marriott, Target, Home Depot, even the IRS—that security experts recommend you should just assume that scammers already have your data.
Here are some steps you can take to protect yourself from scams, frauds, and identity theft:
Check your credit report for suspicious activity. Every US consumer can get a free copy of their credit report every year from each of the three major credit bureaus: Equifax, Experian and TransUnion. Look it over to make sure no credit cards, loans or other accounts have been opened in your name. Also take a good look at the statements from your bank credit cards to find any unauthorized charges.
Consider credit monitoring services. Even if your accounts seem untouched, don’t assume they’ll stay that way. Sometimes criminals will sit on stolen information for months or years before using it. This is where credit monitoring can help. These services will alert you if any unusual activity crops up on your credit report. Some, like Credit Karma, are free, and others, like LifeLock, are paid services. While both Equifax and Capital One have offered free credit monitoring to consumers affected by their data breaches, it’s unclear when those services will start.
Set up two-factor authentication. Two-factor authentication is a two-step process that adds a layer of security to your online accounts. Typically, each time you log in the website will text or call you with a one-time code you have to enter in addition to your usual login and password. Unless the hacker also has your cell phone, they won’t have the code and can’t access your account.
Change your passwords. Yes, again. In fact, change them frequently, make them strong (“password” and “123456” are NOT strong!), and don’t reuse them. That’s a lot of unique passwords to remember, so a password manager like LastPass or LogMeOnce can help you keep track of them all while staying secure.
Beware phishing. Scammers may take advantage of the worry surrounding a high-profile data breach and send phony emails purporting to be from the hacked company, a government agency, a bank, etc., asking you to enter or change your login information. Don’t click on links in emails without verifying they are from the real company, and don’t give out personal information over the phone. Secure websites will have an address that starts with https://, so don’t enter payment information into websites without it.
If you think you may have been affected by the Capital One data breach, the company’s customer service number for this issue is 1-800-227-4825.