The Capital One breach involves the theft of more than 100 million customer records, 140,000 Social Security numbers and 80,000 linked bank details of Capital One customers, allegedly stolen by a single insider, according to court filings in Seattle.
The details set it apart from breaches of companies such as Equifax and Marriott, which were attacked from the outside by criminals with a nation-state connection. Instead, according to the indictment of Paige Thompson, she was able to exploit a loophole in a Capital One application’s firewall to gain access to the information.
Here are the guidelines to determine if your information had been accessed as well as instructions on how to shore up account security.
- Capital One will notify affected individuals through “a variety of channels” and offer free credit monitoring and identity protection available to all affected.
- Capital One believes “it is unlikely that the information was used for fraud or disseminated.”
- Enroll in account text and/or email alerts to help keep track of activity.
- Monitor credit card accounts for unusual or suspicious activity.
- Call the number on the back of the credit card if unusual activity is observed.
- Stay vigilant about the possibility of phishing emails and calls following the breach. Phishing is a malicious attempt to access personal information or bank accounts by posing as a legitimate company or official.
- Capital One is not calling customers to ask for credit card or account information or Social Security numbers over the phone or via email.
- Report emails suspected of phishing activity by forwarding it to the official Capital One security account, firstname.lastname@example.org. Do not reply to suspicious emails and delete them after forwarding them to Capital One.