Just as consumers are starting to claim their share of the settlement for the 2017 Equifax data breach, Capital One has announced that the personal information of about 100 million Americans and 6 million Canadians was exposed in a hack that took place last March. Software engineer Paige Thompson has been charged with exploiting a vulnerability in Capital One’s network and gaining access to information on people as of the time they applied for a Capital One credit card, dating back to 2005. The data includes names, birth dates, mailing addresses, zip codes, e-mail addresses, phone numbers and self-reported income.
Although Capital One says that credit-card numbers and online log-in credentials were not compromised, the exposure did include details such as credit scores, credit limits, balances and payment history. Plus, the Social Security numbers of about 140,000 credit-card customers and about 80,000 linked bank-account numbers of customers with secured credit cards were breached.
Capital One says that it will notify those affected “through a variety of channels” and that it will offer credit-monitoring and identity-protection services. But if you think that you’re likely a victim, you don’t have to wait to act. Take these steps now to protect your identity or to spot fraud quickly if it does happen.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
1. Beware Phishing Scams
Given that the breach involved e-mail addresses and phone numbers as well as names and other bits of info, crooks may target victims with e-mails, text messages or phone calls in attempts to collect money or personal data. A fraudster posing as a representative of a financial institution or government agency, for instance, may call you and mention your name, date of birth or other personal details to gain your trust, then ask you to recite your credit-card number or Social Security number to “confirm” it. “Never authenticate yourself to anyone who contacts you by e-mail or phone,” says Adam Levin, founder of identity-protection service CyberScout. If you’re not sure that a call or message is legitimate, look up the institution’s phone number and call it to see whether it truly contacted you. Don’t click on links or attachments in any e-mail or text message that look suspicious—they could lead you to a scam website or infect your device with malware.
Capital One is also warning customers to watch out for e-mails and calls from scammers claiming to be the bank. If you do receive a fraudulent e-mail, forward it to abuse@capitalone.com.
2. Sign Up for Transactional Alerts
Whether or not your bank-account information was exposed in the Capital One breach, it’s a good idea to receive e-mail or text-message alerts each time a new charge hits your bank account or credit card. Set up the notifications for the lowest transaction amount possible—crooks often test accounts with small charges before they rack up bigger ones. If you do see a charge that you don’t recognize, contact your bank or card issuer right away.
3. Practice Healthy Password Hygiene
Capital One has indicated that customers’ account passwords are safe. But based on other information gleaned about you through the breach or, say, from your social-media accounts, crooks may be able to figure out or change your passwords for various online accounts—especially if your password is obvious, such as your birth date or a pet’s name—and use the passwords in combination with your e-mail address to log in.
A password manager such as LastPass helps you create and store strong and unique passwords for each account you have. When possible, set up two-factor authentication for your online accounts. If there’s an attempt to log in to the account from a device that you’ve never used, for example, you may have to verify that it’s you by entering a code that you receive via text message.
4. Keep Tabs on Your Credit Reports
If you’re among those whose Social Security numbers were compromised, you may be at a higher risk for a criminal to open new credit cards or loans in your name. But anyone benefits from taking advantage of a credit-monitoring service, which sends you an alert each time a significant change—a new credit-card account, for example—pops up on your credit report.
While you wait you wait for Capital One to roll out its credit-monitoring service, check out other free options. CreditKarma.com (opens in new tab) monitors your TransUnion and Equifax credit reports, and FreeCreditScore.com (opens in new tab) covers your Experian report. If you’re affected by the Equifax data breach, you’re eligible to get four years of free monitoring of all three reports—but the service isn’t yet available.
You can also check your credit report from each agency free every 12 months at AnnualCreditReport.com (opens in new tab). Pore over your reports for any accounts that you don’t recognize or other signs of fraud, such as a mailing address that isn’t yours (crooks may redirect your mail).
5. Freeze Your Credit Reports
A freeze is the best way to prevent criminals from opening new credit accounts in your name. Lenders can’t view your frozen credit report in response to a request for a new credit card or loan, so they’re unlikely to grant credit to someone pretending to be you. Check out our guide on how to freeze your credit.
-
-
As Fed Raises Rates 0.25%, Savings Rates Set to Rise, Too
Some experts say now would be a good time to lock in a much better savings rate on your accounts.
-
Medical Tourism Can Get You Healthcare Bargains Abroad
Millions of Americans partake in medical tourism each year. If you can’t afford a medical procedure in the U.S., consider investigating options overseas.
-
Best Cash Back Credit Cards March 2023
Smart Buying Looking for the credit card that pays the most cash back? These lenders may pay hundreds of dollars, with minimum hassle.
-
I-Bond Rate Is 6.89% for Next Six Months
Investing for Income If you missed out on the opportunity to buy I-bonds at their recent high, don’t despair. The new rate is still good, and even has a little sweetener built in.
-
What Are I-Bonds?
savings bonds Inflation has made Series I savings bonds enormously popular with risk-averse investors. How do they work?
-
Your Guide to Open Enrollment 2023
Employee Benefits Health care costs continue to climb, but subsidies will make some plans more affordable.
-
Watch Out for Flood-Damaged Cars from Hurricane Ian
Buying & Leasing a Car In the wake of Hurricane Ian, more flood-damaged cars may hit the market. Car prices may rise further because of increased demand as well.
-
What You Need to Know About Life Insurance Settlements
life insurance If your life insurance payments don’t seem worth it anymore, consider these options for keeping the value.
-
Best Travel Rewards Credit Cards March 2023
credit cards Business road warriors and leisure travelers can use travel rewards credit cards to turn miles logged into other things — including more travel.
-
What Is APR?
Even for those who pay off their credit card balances every month, knowing your APR is part of keeping good credit habits.
