Millions of Capital One customers have been impacted by a data breach that happened in March when a software engineer compromised a vulnerability to access the hosting system. This morning, the FBI reported its agents arrested a Seattle-based software engineer, named, Paige Thompson, for her efforts to expose 140,000 Social Security numbers and 80,000 bank account numbers, as well as credit scores, bank/credit card balances, and other “PII” classified personal information. In addition to the U.S. impact, our friends north of the Border should also be aware, as roughly 6 million Canadian customers also were impacted by this activity.
From Capital One:
“The number one thing consumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian and TransUnion, which is the best way to prevent a criminal from opening an unauthorized account in your name. Unfortunately, only about 1 in 4 U.S. adults have frozen their credit.”
Why you Should be Concerned
Approximately 100 million people in the United States and 6 million more in Canada are affected, the company said, with about 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers compromised. If you find suspicious activity on your credit card, banks like Capital One allow you to freeze your card so that purchases can no longer be made.
3 Steps You Should Take Immediately:
- Freeze your Credit Sources (for now)
Freezing your credit is an essential part of ensuring your identity is protected in light of a compromise. This action ensures no one, including banks, can access your credit reports without your permission. At no charge to you, you can freeze your credit, either online or by phone, however, if freezing your credit isn’t an option, you can contact a credit bureau to set up fraud alerts.
- Change your account passwords immediately (and consider making them stronger)!
Contact your Synoptek Security Services representative for more information on a simple technique to create hard-to-break, easy-to-remember passwords. Also, setting up two-factor authentication, a second level of logging into your personal accounts, is an additional good precaution, whether through a text message sent to your phone or an external app such as Google Authenticator.
- Watch for the Scammers and Spammers!
It’s the not-so-new favorite game played: the Phishing Scam. Because this hack involved attaining so much personal information, it’s likely this exploit could lead to massive phishing campaigns for Capital One clients. Personalized phishing messages are designed to look as if they are coming from a legitimate bank or other familiar organization, so to remain safe, don’t click links from untrusted or unknown sources, and never NEVER give out personal information over the phone, even if the person contacting you claims to represent a trusted organization.
Capital One also advises individuals to check their respective credit reports to ensure fraudulent accounts haven’t been opened— and flag any reported balances that don’t match up to specific banking statements (do this at least once every quarter). Cybersecurity attacks happen all the time, but there are some best practices that could help protect your data, and Synoptek continues to remain vigilant in the fight against compromise to these sensitive and critical assets.