How to find out if your data was stolen in the Capital One hack, and what you can do about it

source
REUTERS/ Brendan McDermid

Capital One revealed a major data breach on Monday.

It said the breach included the personal information of over 100 million people, ranging from Social Security numbers to bank-account numbers and names.

If you applied for a Capital One credit card from 2005 through early 2019, there’s a good chance you’re affected.

But how to find out for sure? Here’s what we’ve got so far.


First and foremost, here’s a comprehensive list of what Capital One says was lost in the data breach:

source
Roman Tiraspolsky/Shutterstock

Capital One said the breach “affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”

It said the primary information involved in the hack was from “consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”

More plainly, that means if you applied for a Capital One credit card at any point in the 14 years from 2005 to 2019, you were probably affected.

What information was taken in those instances? “Names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income,” Capital One said.

And that’s not all: Capital One said that “about 140,000 Social Security numbers” from credit-card customers were taken, as well as “about 80,000 linked bank account numbers” from secured credit-card customers and “approximately 1 million Social Insurance Numbers” from Canadian credit-card customers.

It is, in short, a huge mess.


So how to know if you’re affected? There are a few things you can do. 1. Wait patiently for Capital One to tell you whether you’re affected.

source
Screenshot

In announcing the data breach on Monday, Capital One said it would “notify affected individuals through a variety of channels.”

Moreover, the company is offering “free credit monitoring and identity protection available to everyone affected.”

It is unclear whether any of the 100 million-plus people affected have been notified – as of Tuesday, none of the Capital One customers in our newsroom who we talked to had received any correspondence. Representatives for the company didn’t respond to repeated requests for comment.

The company didn’t send a general notification to customers about the hack – the only way to learn about it was through social media and news reports.


2. Freeze your credit!

source
Shutterstock/Northfoto

In the worst-case scenario in a data breach like this, your Social Security number and personal information could be used for identity theft.

In a slightly less awful possibility, your credit card could be used to buy things.

And in an even less awful possibility, you may see an increase in “phishing” attempts via email and/or phone – essentially, more spam emails and robocalls.

There is, at the very least, one solid option for protecting against the worst scenario: a credit freeze.

Check out our full instructions for freezing your credit with the various credit-scoring agencies.


3. Stay vigilant! Monitor your credit-card bill and report any potentially fraudulent activity to Capital One.

source
WAYHOME studio/Shutterstock

At the bare minimum, there’s one very easy security protection you can take: Pay attention to your credit-card bill and bank statements.

If you see something that looks out of place, call your credit-card company or bank.

Notably, Capital One said that “no credit card account numbers or log-in credentials were compromised” in the breach and that “over 99 percent of Social Security numbers were not compromised.”

So it’s unlikely you’ll suddenly encounter fraudulent transactions on your credit card or in your bank account – but it sure doesn’t hurt to pay slightly closer attention.


4. Consider a service to protect against identify theft.

source
Universal

Between the massive Equifax data breach of 2017 and this massive Capital One data breach, it’s been a bad few years for keeping personal data secure.

If it’s freaking you out, that’s totally understandable. Perhaps it’s time to consider enrolling in a service to protect yourself from identity theft.

Both Equifax and Capital One are offering free identity-theft protection to the hundreds of millions of people affected in their breaches, but you may want to shop around and decide which of the many services is right for you.