Just as consumers are starting to claim their share of the settlement for the 2017 Equifax data breach, Capital One has announced that the personal information of about 100 million Americans and 6 million Canadians was exposed in a hack that took place last March. Software engineer Paige Thompson has been charged with exploiting a vulnerability in Capital One’s network and gaining access to information on people as of the time they applied for a Capital One credit card, dating back to 2005. The data includes names, birth dates, mailing addresses, zip codes, e-mail addresses, phone numbers and self-reported income.
Although Capital One says that credit-card numbers and online log-in credentials were not compromised, the exposure did include details such as credit scores, credit limits, balances and payment history. Plus, the Social Security numbers of about 140,000 credit-card customers and about 80,000 linked bank-account numbers of customers with secured credit cards were breached.
Capital One says that it will notify those affected “through a variety of channels” and that it will offer credit-monitoring and identity-protection services. But if you think that you’re likely a victim, you don’t have to wait to act. Take these steps now to protect your identity or to spot fraud quickly if it does happen.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
1. Beware Phishing Scams
Given that the breach involved e-mail addresses and phone numbers as well as names and other bits of info, crooks may target victims with e-mails, text messages or phone calls in attempts to collect money or personal data. A fraudster posing as a representative of a financial institution or government agency, for instance, may call you and mention your name, date of birth or other personal details to gain your trust, then ask you to recite your credit-card number or Social Security number to “confirm” it. “Never authenticate yourself to anyone who contacts you by e-mail or phone,” says Adam Levin, founder of identity-protection service CyberScout. If you’re not sure that a call or message is legitimate, look up the institution’s phone number and call it to see whether it truly contacted you. Don’t click on links or attachments in any e-mail or text message that look suspicious—they could lead you to a scam website or infect your device with malware.
Capital One is also warning customers to watch out for e-mails and calls from scammers claiming to be the bank. If you do receive a fraudulent e-mail, forward it to abuse@capitalone.com.
2. Sign Up for Transactional Alerts
Whether or not your bank-account information was exposed in the Capital One breach, it’s a good idea to receive e-mail or text-message alerts each time a new charge hits your bank account or credit card. Set up the notifications for the lowest transaction amount possible—crooks often test accounts with small charges before they rack up bigger ones. If you do see a charge that you don’t recognize, contact your bank or card issuer right away.
3. Practice Healthy Password Hygiene
Capital One has indicated that customers’ account passwords are safe. But based on other information gleaned about you through the breach or, say, from your social-media accounts, crooks may be able to figure out or change your passwords for various online accounts—especially if your password is obvious, such as your birth date or a pet’s name—and use the passwords in combination with your e-mail address to log in.
A password manager such as LastPass helps you create and store strong and unique passwords for each account you have. When possible, set up two-factor authentication for your online accounts. If there’s an attempt to log in to the account from a device that you’ve never used, for example, you may have to verify that it’s you by entering a code that you receive via text message.
4. Keep Tabs on Your Credit Reports
If you’re among those whose Social Security numbers were compromised, you may be at a higher risk for a criminal to open new credit cards or loans in your name. But anyone benefits from taking advantage of a credit-monitoring service, which sends you an alert each time a significant change—a new credit-card account, for example—pops up on your credit report.
While you wait you wait for Capital One to roll out its credit-monitoring service, check out other free options. CreditKarma.com monitors your TransUnion and Equifax credit reports, and FreeCreditScore.com covers your Experian report. If you’re affected by the Equifax data breach, you’re eligible to get four years of free monitoring of all three reports—but the service isn’t yet available.
You can also check your credit report from each agency free every 12 months at AnnualCreditReport.com. Pore over your reports for any accounts that you don’t recognize or other signs of fraud, such as a mailing address that isn’t yours (crooks may redirect your mail).
5. Freeze Your Credit Reports
A freeze is the best way to prevent criminals from opening new credit accounts in your name. Lenders can’t view your frozen credit report in response to a request for a new credit card or loan, so they’re unlikely to grant credit to someone pretending to be you. Check out our guide on how to freeze your credit.
-
3 Ways to Stretch the 2026 Social Security COLA For Your BudgetThree steps retirees can take to stretch the Social Security COLA to fit their budgets.
-
How to Keep Your Charitable Giving Momentum Going All YearInstead of treating charity like a year-end rush for tax breaks, consider using smart tools like DAFs and recurring grants for maximum impact all the year.
-
Uber Takes Aim at the Bottom Lines of Billboard LawyersUber has filed lawsuits and proposed a ballot initiative, in California, to curb settlements it claims are falsely inflated by some personal injury lawyers.
-
Amazon Resale: Where Amazon Prime Returns Become Your Online BargainsFeature Amazon Resale products may have some imperfections, but that often leads to wildly discounted prices.
-
Roth IRA Contribution Limits for 2026Roth IRAs Roth IRAs allow you to save for retirement with after-tax dollars while you're working, and then withdraw those contributions and earnings tax-free when you retire. Here's a look at 2026 limits and income-based phaseouts.
-
Four Tips for Renting Out Your Home on Airbnbreal estate Here's what you should know before listing your home on Airbnb.
-
Five Ways to a Cheap Last-Minute VacationTravel It is possible to pull off a cheap last-minute vacation. Here are some tips to make it happen.
-
How Much Life Insurance Do You Need?insurance When assessing how much life insurance you need, take a systematic approach instead of relying on rules of thumb.
-
When Does Amazon Prime Day End in October? Everything We Know, Plus the Best Deals on Samsonite, Samsung and MoreAmazon Prime The Amazon Prime Big Deal Days sale ends soon. Here are the key details you need to know, plus some of our favorite deals members can shop before it's over.
-
How to Shop for Life Insurance in 3 Easy Stepsinsurance Shopping for life insurance? You may be able to estimate how much you need online, but that's just the start of your search.
-
Five Ways to Shop for a Low Mortgage RateBecoming a Homeowner Mortgage rates are high this year, but you can still find an affordable loan with these tips.
