On July 29th, 2019, American credit provider Capital One announced that an unauthorized individual had accessed the personal information of millions of customers.

Here is what we know so far:

  • The breach itself occurred around July 19, 2019.
  • Approximately 100 million American customers and 6 million Canadian customers were affected by this breach.
    • The majority of customers had personal information breached that they had given on credit card applications, such as names, addresses, phone numbers, income, etc.
    • Also exposed was certain account details, including credit scores and limits, payment history and transaction history.
  • According to Capital One, less than 1% of affected accounts in America had social security numbers breached, with around 200,000 falling victim.
  • However, this was much worse in Canada. Capital One reported that 1 million Canadian customers had their social insurance numbers breached (1 in 6 Canadian victims).

How this happened:

  • The breach was allegedly committed by a hacker from Seattle.
    • This person, identified as Paige A. Thompson, was a former Amazon employee and had displayed erratic behavior online for the past few months.
    • They have now been arrested by the FBI.
  • The breach was committed through the hacker accessing data stored by Captial One on an Amazon cloud through exploiting a weak firewall.
    • Amazon has stated that the cause was not on their end, rather on Captial One’s end for using a weak firewall.
    • Capital One has stated that the problem has now been fixed.

Have you been in a breach? Check Now

Next steps:

Capital One will be providing updates to victims. However, in the meantime, there are a few steps you should consider taking after potentially being involved in this breach.

  1. Sign up for credit monitoring. Services such as Equifax and Transunion can monitor your accounts, looking for any suspicious activity. Capital One has promised free credit monitoring to be made available, but it is better to start sooner than later with this monitoring.
  2. Regularly check your accounts. Know what your transaction history is supposed to look like. If there are any abnormalities, investigate.
  3. Be aware you may be targeted for additional scams. Often, victims of major breaches are approached by scammers pretending to be the breached company seeking to give you compensation. Be wary of anyone asking you for any personal information.

Good sources for additional information:

  1. Capital One Press Release
  2. Wall Street Journal Online