What You Need to Know About the Capital One Data Breach

Allen St. John

Updated July 30, 2019 at 11:32 AM

Consumer Reports has no financial relationship with advertisers on this site.

A hacker gained access to around 100 million Capital One customer accounts and credit card applications this spring, according to the credit card giant, giving consumers yet another reason to lock down their credit.

According to the company, most of the information came from consumers and small businesses that applied for Capital One credit cards from 2005 through early 2019. The information on the applications included extremely sensitive personal information including names, addresses, ZIP codes, phone numbers, email addresses, birth dates, and self-reported income.

Capital One says its initial analysis indicates that the data wasn't disseminated or used for fraud.

Beyond the credit card application data, the hacker also obtained customer data including credit scores, credit limits, balances, payment history and contact information, as well as some transaction data from a total of 23 days during 2016, 2017, and 2018.

Capital One added that about 140,000 Social Security numbers belonging to credit card customers were also compromised, along with the linked bank account numbers of about 80,000 secured credit card customers. The breach also affects about six million Capital One customers in Canada.

No credit card numbers or log-in credentials were compromised in the breach, according to Capital One.

The company has said that it will notify affected consumers but didn't specify how those notifications would be delivered. The company said it will make free credit monitoring and identity protection available to everyone affected.

What You Should Do

The personal nature of the information stolen puts consumers at risk for an increasingly popular form of identity theft. "This is very concerning because sensitive information like bank account numbers and Social Security numbers were disclosed and they can be used to create new accounts," says Maureen Mahoney, a policy analyst for Consumer Reports.

Mahoney notes that new account fraud is on the rise, with U.S. consumers losing $3.4 billion in 2018, up from $3 billion in 2017, according to a study by the research firm Javelin. "It's also one of the most difficult types of fraud to detect and resolve," she adds.

Mahoney advises consumers to immediately place credit freezes with each of the three major credit reporting bureaus—Equifax, Experian, and TransUnion—to prevent cyber thieves from opening new accounts without the consumer's knowledge.

Credit freezes—as well as the temporary lifting of a freeze when you need to apply for a loan or a mortgage—are free but used to carry a small charge.

She also suggests that in addition to monitoring your bank and credit card statements, you should regularly check your credit reports and report any unusual or suspicious activity immediately.

Late Reporting, an Early Arrest

The Capital One breach is unusual in the speed with which the alleged perpetrator was apprehended and the incident was reported to the public.

The FBI has arrested Paige Thompson, 33, a software engineer in Seattle. The bank called her "a highly sophisticated individual [who] was able to exploit a specific configuration vulnerability in our infrastructure." Thompson, who used the online handle "erratic," was caught after she posted about her exploits on Slack and the information sharing site GitHub.

"Capital One had no idea that someone inappropriate had accessed huge amounts of sensitive data until the attacker bragged about it in Slack?" asks Brian Vecci, field CTO of Varonis, a security firm. "It’s likely that if Capital One had been monitoring this data in the right ways that they’d have seen unusual access and been able to take action even sooner."

The company reported a similar breach in 2014, when an employee gained unauthorized access to consumer accounts.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, chairman and CEO, in a press release. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

Capital One estimated the costs to the company at between $100 to $150 million. "Consumers should rightfully be asking why an apparently major data breach only costs the offending company at most about a dollar fifty per affected customer," says Vecci. "If the costs of exposing personal information are small enough to not matter, there’s no incentive for companies like Capital One to do more to protect data."

The company took 10 days to report the incident to the public. That's much quicker than the Equifax breach in which a vulnerability was discovered in late July 2017, but not disclosed to consumers until early September.

The vulnerability was reported to Capital One by an external security researcher on July 17, 2019. The credit card company says began its own internal investigation and confirmed the information on July 19, 2019, and the reported it to the FBI. The breach occurred on March 22 and 23 of this year, according to the company.

Consumer advocates cite the breach as a call for tough legislation that would compel companies to protect consumer data more carefully.

"There need to be strong laws requiring companies to keep data secure," says CR's Mahoney. "With strong enforcement to make sure they actually comply."

Correction: In a previous version of this article, two typos made reference to Credit One. In these cases, Consumer Reports intended to refer to Capital One. Additionally, we reported that Paige Thompson was a former Capital One software engineer. She was not employed by the company.

Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2019, Consumer Reports, Inc.

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Sports
Fantasy Baseball Waiver Wire: Jonny DeLuca leads intriguing pickups
Fantasy baseball analyst Andy Behrens offers up a fresh batch of midweek pickups to consider, led by a former Dodgers prospect.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Yahoo Sports
Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns
Ball hasn't played since the 2021-22 season.
Yahoo Sports
2024 NFL Team Fantasy Football Power Rankings, 1.0
With NFL rosters pretty much set before training camp, Scott Pianowski reveals his first set of team fantasy power rankings for the 2024 season.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
Indianapolis Star bars columnist Gregg Doyel from covering Caitlin Clark, Fever after inappropriate exchange
Doyel is also reportedly suspended for two weeks without pay.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show
Every player was dressed to impress at the 2024 NFL Draft.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Stormy Daniels returns to witness stand in Trump's hush money trial

What You Need to Know About the Capital One Data Breach

What You Should Do

Late Reporting, an Early Arrest

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Fantasy Baseball Waiver Wire: Jonny DeLuca leads intriguing pickups

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

These 3 stocks are poised to benefit from the massive energy transition

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns

2024 NFL Team Fantasy Football Power Rankings, 1.0

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Social Security just passed Medicare as the government's most pressing insolvency risk

Indianapolis Star bars columnist Gregg Doyel from covering Caitlin Clark, Fever after inappropriate exchange

The best budgeting apps for 2024

NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL