Capital One announced late Monday that it was the subject of a massive data breach, involving data on roughly 100 million U.S. customers and another 6 million from Canada.
The bank said it discovered the unauthorized access to secure data on July 19, faulting a single hacker who has since been arrested for the breach. Capital One said they believe “it is unlikely that the information was used for fraud or disseminated.”
Capital One stressed that no log-in information or account numbers had been stolen in the breach. The bulk of the data was from customers who applied for Capital One credit cards from 2005 to 2019, exposing names, addresses, zip codes, dates of birth, contact information, income data, credit scores, and a small slice of transaction history.
But Social Security numbers on 140,000 Americans – and Social Insurance Numbers from another 1 million Canadians – were stolen. Those relate only to applications for business credit cards, as individuals can often use those federal ID numbers as employer identification numbers.
Capital One CEO Richard Fairbank apologized for the incident. The company says it will contact all affected customers and pledged to provide free credit monitoring and identity protection to its customers.
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The massive data breach comes just days after Equifax settled with the U.S. over a 2017 data breach that exposed data on more than 147 million consumers. Equifax's settlement clocked in at $650 million, and the credit monitoring bureau has agreed to pay out $125 or more to affected consumers.
It seems that the bulk of the data stolen in this breach doesn't bring the risk of fraud. Still, it would pay to log in to your Capital One accounts to check for incorrect charges, change your passwords, and stay alert.
And remember that when technology is involved, security is always a question mark.