In one of the biggest data breaches, a hacker by the name Paige Thompson gained access to more than 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information. However, the company stated no credit card account numbers or log-in credentials were compromised in the breach.
Capital One first heard about the hack on July 19th, but waited until July 29th to inform customers as they worked with law enforcement to investigate the breach.
Paige who is 33-year-old, and lives in Seattle, had previously worked as a software engineer for Amazon Web Services, the cloud hosting company that Capital One was using. She was able to gain access on March 22 and 23 by exploiting a misconfigured web application firewall.
Thompson posted the information on GitHub, a site where developers store their projects and network with like-minded people, using her full name and also boasted on social media that she had Capital One information and the method she used to obtain the data.
What will Capital One do for you?
The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One. Consumers and small businesses who applied for Capital One credit cards from 2005 through early 2019 are most at risk at this time. Capital One will offer $125 to anyone whose data was hacked or free credit monitoring for 10 years.
What should you do to protect yourself?
SecurityOrb.com recommends the following steps to protecting yourself after a possible data breach:
- Change your passwords immediately and when creating the new password use a combination of upper and lower case letters, numbers and symbols, and that each website you visit should have a unique password.
- You should consider using multifactor authentication instead of passwords.
- You should never give out personal details over the telephone, even if the caller seems to represent Capital One or the email appears to be from a Capital One address.
- You need to be careful whenever you are contacted by an unsolicited caller. Hang up and call the number on your card.
- You should immediately freeze your credit reports at the three major firms: Equifax, Experian and TransUnion.
- You should check your credit card statement to make sure there are no unauthorized charges.
- You should file your taxes as early as possible.
This is the latest in a long line of data breaches, privacy violations and hacks affecting hundreds of millions of Americans.
- Two years after Equifax revealed that hackers accessed the personal information of up to 147 million people.
- Last year, Facebook announced that U.K.-based Cambridge Analytica improperly accessed 87 million Facebook users’ data.
- WhatsApp, the messaging and audio app owned by Facebook, announced last May that hackers were able to install spyware on Android smartphones and Apple
Capital One says it will notify affected individuals via a variety of channels, and make free credit monitoring and identity protection available to everyone affected.