Capital One disclosed on July 29, 2019, that it suffered a data breach. A notice from the Justice Department states that Capital Once discovered the breach on July 17th. Following an internal investigation, Capital One confirmed the breach, fixed the firewall vulnerability, and informed the FBI.

capital one data breach

Background on the Capital One Data Breach

Capital One acted on the breach after receiving a tip from an anonymous GitHub user. The user saw a database with Capital One data floating around on GitHub and contacted the company. The FBI was promptly able to identify the hacker as a Paige A. Thompson, of Seattle, who went by the name “erratic.”

The US Justice Department established that Thompson, a former employee at Amazon Web Services, was able to access an Amazon Web Server containing customer information on March 22 and March 23, 2019. The FBI and the Justice Department were able to identify Thompson based on data that she shared on her social media accounts. A hearing For Thompson is scheduled for August 1, 2019.

According to the company’s statement, none of the data released was used for fraudulent purposes. However, Capital One will continue monitoring the situation and will inform users of further information.

Data Affected in the Capital One Data Breach

According to Capital One’s release data the breach affected:

  • 100 million people in the United States and
  • 6 million people in Canada.

However, the company states that no credit card numbers or log-in credentials were compromised.

Additionally, over 99% of Social Security numbers were not compromised. In the United States, Capital One estimates 140,000 Social Security numbers and 80,000 linked bank account numbers of secured credit card customers were compromised. While in Canada, around 1 million Social Insurance Numbers were compromised.

The largest group of data that the hacker was able to access from Capital One was information from credit card applications from individual users and small businesses spanning 2005 to 2019. This information included:

  • names,
  • addresses,
  • zip codes/postal codes,
  • phone numbers,
  • email addresses,
  • dates of birth, and
  • self-reported income.

The hacker was also able to obtain a portion of credit card customer data, including customer status data, e.g., credit scores, credit limits, balances, payment history, contact information. And, the individual obtained fragments of transaction data from a total of 23 days during 2016, 2017, and 2018.

Steps for Those Affected

On its website, Capital One indicated that it will notify parties who were affected through a variety of channels. The company will provide free credit monitoring and identity protection available to everyone affected. Customers can take a look at Capital One’s FAQ Page to learn more

It’s important to note, Capital One asks users to be careful of phishing. While the company can reach out, it will not ask for personal information like account/credit card info, or Social Security number. Account-holders who believe that they have received a fraudulent email should follow the following steps:

  • Do not reply to the email.
  • Do not click on any of the links embedded in the email.
  • Forward the email to abuse@capitalone.com.
  • After forwarding the email to Capital One for investigation, delete it.
  • Be sure to monitor your account and call us if you notice any unusual activity.

While customers contacted by phone and email, and who have mistakenly given information, should proceed according to the following steps:

  • Call us immediately to report that your account information may have been compromised.
  • Sign in to Capital One Online Banking and change your password and security questions.
  • Check your accounts for suspicious activity.
  • Update and run anti-virus software on your computer.

Protect Yourself from Future Hacks and Data Breaches

Protecting yourself and your family from events like the Capital One data breach is important. While total protection is never a guarantee, users can act to minimize their exposure to data breaches.

Stay Vigilant

Check your bank and credit card statements carefully. If you notice any strange changes in your credit card statements, contact your bank and inform them of irregularities.

Credit Monitoring Services

Many card companies offer credit monitoring services to their users, which allows users to scan for fraudulent activity on their accounts. Cardholders are also eligible to receive one free copy of their credit report from one of the three major credit card agencies: Equifax, Experian, TransUnion. Capital One recommends that users do the following:

Once you receive your reports, review them for suspicious activity, such as inquiries from companies you did not contact, accounts you did not open, and debts on your accounts that you did not authorize.

Verify the accuracy of your Social Security number, address(es), complete name and employer(s).

Notify the credit bureaus if any information is incorrect in order to have it corrected or deleted.

Improve Your Home Network Security

While it can’t stop a huge breach like this, one of the best ways to better protect your individual financial data is to use a VPN or Virtual Private Network. A VPN (Virtual Private Network) is a security protocol to protect your data as it travels from your device to its destination by traveling through an encrypted tunnel. Like an armored car that protects its valuables while traveling on the streets, a VPN is there to provide non-stop, heavy protection for your Internet activity.

Using a VPN, especially when users are on the road, is an excellent way to protect data from hackers. And, for anyone looking for recommendations, FlashRouters has a few suggestions:

$3.19
PER MONTH
SIGN UP HERE!
  • Access 5000+ servers worldwide
  • No logs policy
$4.99
PER MONTH
SIGN UP HERE!
  • 1700+ Servers across 60+ countries
  • Integrates with the Tor anonymity network
$3.99
PER MONTH
SIGN UP HERE!
  • 1,500+ VPN servers in 75+ locations
  • Owns and operates its own servers

While VPNs on their own are excellent for user protection for the average user they are not enough. Most VPNs have a strict device limit for user accounts. Meaning, somebody looking to protect all their home networking devices may be out of luck. Plus, many devices like Rokus or IoT devices do not support native VPN configuration, leaving user data unprotected.

Luckily, there is a solution…

Protect Your Network with a FlashRouter

A FlashRouter is a router that has been flashed with Open Source firmware, like DD-WRT. Moreover, flashing a router with Open Source firmware removes any bugs or backdoors found in the router’s factory settings and opens the door for the device to be used as a tunnel to the VPN server of their choice.

And, FlashRouters offers users a dedicated US-based support team. Our support continually tests routers to find the newest and most stable builds. And, we work directly with clients to ensure optimal network performance.

Recommend devices to use with a VPN include:

NordLynx WiFi 6 Router – Privacy Hero

Privacy Hero 2 - Nordlynx Wireguard Supported VPN Router
$179.99
$249.99
BUY NOW
  • Perfect for Medium Homes
  • Perfect for 20-30 Devices

AX3000 WiFi 6 VPN FlashRouter

AX3000 WiFi 6 VPN FlashRouter
$129.99
$149.99
BUY NOW
  • Perfect for Medium Homes
  • Perfect for 20-30 Devices

Asus RT-BE88U WiFi 7 Merlin FlashRouter

Asus WiFi 7 BE88U VPN Router
$469.99
$599.99
BUY NOW
  • Upgraded with Custom Merlin Firmware.
  • Next Gen WiFI 7 Update of Asus favorite model.

Have any additional questions on the Capital One data breach or data security? Let us know what we can answer for you!