Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised

Approximately, 140,000 Social Security numbers and 80,000 linked bank account numbers belonging to Capital One credit card customers were compromised according to a statement by the company issued yesterday.

On Monday, July 19, Capital One Financial Corporation confirmed that someone had gained unauthorized access to customer personal information relating to people who had applied for its credit card products and existing Capital One credit card customers in March 2019.

While the company had "immediately fixed the configuration vulnerability" which the hacker had exploited, approximately "100 million individuals in the United States and approximately 6 million in Canada" were affected. Further, approximately 1 million Social Insurance Numbers belonging to Canadian credit card customers were compromised.

The stolen data was hosted on Amazon Web Services, but the tech giant has denied any culpability or that its security was breached, placing the blame firmly on their client, Capital One.

The FBI has arrested a suspect in the case. Capital One states: "Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate."

Richard D. Fairbank, chairman and CEO of Capital One, said: "While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

How to know if you have been affected by the Capital One data breach

Capital One says it will notify "affected individuals through a variety of channels" and will make free credit monitoring and identity protection available to everyone affected.

However, if you are a personal or small business customer of Capital One, or have applied for a credit card between 2005 and early 2019, the chances are your data may have been compromised.

Other than social security numbers and bank account numbers, customer status data such as credit scores, credit limits, balances, payment history and contact information were also accessed. Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018 were also taken.

What should you do if you Capital One account has been compromised?

If you are a Capital One customer, you can enroll for account alerts to help keep track of your activity in your accounts. The company also "encourages customers to monitor their accounts for unusual or suspicious activity" and to call the number on the back of their Capital One credit card or on their statement if they see something out of the ordinary.

However, Andrew Martin, a former hacker and CEO of cyber-security firm DynaRisk, says that consumers should not wait for Capital One to contact them before taking action.

"The first thing Capital One customers should do is check whether their information has been stolen using dark web scanning services," he tells Newsweek. "They can check whether a consumer's personal information has been stolen, alert consumers to any potential vulnerabilities and provide a personal cybersecurity 'score.'"

He also warns that the repercussions of personal information being stolen mean that bank accounts are not the only thing at stake: "Capital One customers should also make sure their privacy settings on social media are enabled and watertight to avoid situations such as identity theft and fraud."

"Although the company has claimed it is unlikely the information stolen will be used for fraud, it's possible that the data will have been shared among cybercriminal communities," he says to Newsweek. "Similarly, it will be essential for customers to ensure that all passwords are strong and unique."