What is Happening?
On July 29, 2019, Capital One Financial Corporation announced that they suffered a data security incident in March of this year. An unauthorized individual was able to access the sensitive personal data contained in applications for credit products from 2005 to 2019, which could affect approximately 6 million individuals in Canada. Of those affected, about 1 million also had their Social Insurance Numbers compromised.
The personal information that was accessed included:
- Full names
- Physical addresses
- Phone numbers
- Dates of birth
- Email addresses
- Self-reported income
- Social Insurance Numbers of about 1 million people
For some customers, additional information stolen may have included customer status data such as credit scores, credit limits, balances, payment history, and fragments of transaction data. For a small portion of applicants, 80,000 linked bank account numbers were exposed.
According to the bank and the FBI, the individual who stole the data from Capital One’s network has been apprehended and while there is no evidence that the data was used for fraud or shared with anyone else, their investigation is ongoing.
What Should You Do?
- As a bank, Capital One holds a large amount of sensitive personal data. At a minimum, you should be regularly monitoring your bank and credit card statements, although that may not alert you to new account applications or other forms of identity theft.
- Be on the lookout for phishing emails, which may appear to come from a familiar source or use personal information. Be wary of emails or phone calls with urgent requests for help and/or secrecy.
- Consider changing your passwords. Although no log-in credentials were compromised as a result of this data security incident, regularly changing your passwords helps protect your financial accounts.