More than 100 million credit card applicants had their personal information compromised in the Capital One hack announced Monday, illustrating once again just how vulnerable consumer data can be even for the most security-minded organizations.
The hack, one of the largest ever against a financial services firm, comes just days after the credit-reporting company Equifax reached a $700 million settlement with U.S. regulators over the high-profile 2017 cyberattack that exposed the data of 147 million people.
FBI agents arrested a Seattle software engineer, Paige Thompson, on accusations of computer fraud. The bank says the hack exposed 140,000 Social Security numbers and 80,000 bank account numbers, as well as credit scores, balances, and personal information such as addresses, birthdays and contact information. Roughly 6 million Canadian customers also were affected, Capital One said.
Worried your data might have been exposed in the hack? Here’s how to make sure your accounts are secure and to safeguard yourself against future attacks.
– Check your accounts for suspicious activity
Capital One will notify customers affected by the breach and is offering free credit monitoring and identity protection.
In the meantime, check your recent credit card statements and bank account transactions for suspicious activity. You should also check your credit report to see if any false accounts or credit cards have been opened in your name. Report any concerning activity to your bank immediately.
– Freeze your credit
Freezing your credit is a crucial step in identity protection, as it ensures no one, including banks, can access your credit reports without your permission. You can freeze your credit for free, either online or by phone, according to Ted Rossman, a CreditCards.com analyst.
“The number one thing consumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian and TransUnion,” Rossman said. “This is the best way to prevent a criminal from opening an unauthorized account in your name. Unfortunately, only about 1 in 4 U.S. adults have frozen their credit.”
If freezing your credit isn’t an option, you can contact a credit bureau to set up fraud alerts, said Daniel Markuson, a digital privacy expert at NordVPN.
“Fraud alerts flag creditors and they verify your identity before issuing new credit in your name,” Markuson said in a statement to The Post. “Such alerts usually last for a year but can be renewed.”
– Change your passwords often
Rossman said a poll by CreditCards.com found that more than 80 percent of adults in the United States reuse their passwords. Setting up two-factor authentication, a second level of logging into your personal accounts, also is a good idea, whether that’s through an text message sent to your phone or an external app such as Google Authenticator.
– Stay alert for possible scams
Because the hack involved a great deal of personal information, it’s possible it could lead to a rise in phishing scams, Markuson said
“Personalized phishing messages are designed to look as if they are coming from a legitimate bank or other familiar organization,” Markuson said. “Such scams are usually very effective as criminals use a piece of real information, for example, your name and address.”
To protect yourself from scammers, don’t click links from parties you don’t trust and don’t give out personal information over the phone, even if the person contacting you claims to represent a trusted organization.
(c) 2019, The Washington Post · Taylor Telford, Hannah Denham