One of the largest banks in the United States announced this week that a data breach impacted more than 100 million people and businesses throughout North America.
Capital One revealed July 29, 2019, that just 10 days prior, an outside individual obtained unauthorized access to “certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.”
Consumers and small business who applied for a Capital One product between 2005 and early 2019 make up the majority of information accessed through this breach, according to a fact sheet produced by the company.
Personal information associated with the data includes:
- Social Security numbers
- Bank account numbers
- Zip codes/postal codes
- Phone numbers
- Email addresses
- Dates of birth
- Self-reported income
Additionally, the alleged intruder obtained pieces of credit card customer data, such as:
- Credit scores
- Credit limits
- Payment history
- Contact information
People and businesses affected by this incident should take a variety of precautionary steps listed later in this article.
How Did The Breach Happen?
The FBI reports that a criminal complaint has been filed against Paige A. Thompson, a software engineer. The complaint alleges that Thompson, operating under her alias of “erratic,” stole information from Capital One servers after intruding through a misconfigured web application firewall. She then posted the stolen information on GitHub.
Unlike some cybersecurity incidents we’ve written about in the past, Capital One appears to have taken swift action upon learning what happened. A GitHub user alerted Capital One about the potential theft on July 17, and two days later, Capital One contacted federal agents.
“Computer fraud and abuse is punishable by up to five years in prison and a $250,000 fine,” says the FBI.
How Can I Mitigate The Effects Of The Breach On Myself And My Company?
First, we should note that Capital One has taken steps to ease the burden on consumers. They offer free credit monitoring and identity protection to those affected by this breach. Their customer service line is also available at 1-800-227-4825.
Second, you can take a variety of steps to protect your information as a result of this incident.
- Change your passwords. Whether your data pops up on the regular web or the dark web, you’ll want it to be useless to people looking to exploit it. A password manager can speed up this process, and it might even suggest to you when to change your passwords in response to breaches like this one.
- Turn on multifactor authentication. Accessing an account with sensitive data should be a two-step process. Whether it’s an app or a code texted to your phone, authenticate your way into services with more than just a password.
- Place a credit freeze with the major credit reporting bureaus. This prevents cybercriminals from opening up new accounts with the consumer’s knowledge, according to Consumer Reports.
- Monitor bank and credit card statements. This way, you can tell if there is any unusual activity.
- Manage your firewalls. In reaction to this kind of incident, businesses should be proactive about firewall management.
How prepared is your business for a cybersecurity incident? Take this 5-question quiz to find out!
Image by Michal Jarmoluk from Pixabay