A Capital One hack was discovered on July 19. The bank had been putting its systems onto Amazon’s AWS cloud, and an AWS engineer took advantage of a misconfigured firewall and stole data. Because Capital One apparently didn’t keep anything encrypted, 100 million people in the United States and 6 million people in Canada are affected.
What We Know
If you have a Capital One credit card and/or applied for one between 2005 and 2019, there’s a chance you could be affected. Stolen data include:
- Credit scores, credit limits, balances, payment history, self-reported income, and contact information (names, addresses, phone numbers, zip codes, dates of birth)
- 140,000 Social Security Numbers, and 1 million Canadian Social Insurance Numbers
- 80,000 linked bank account numbers
- “Fragments” of transaction data for 23 days during 2016, 2017, and 2018
What We Can Do
First, Capital One said they will email affected customers. The bank will also provide free credit monitoring and identity protection to affected customers. Aside from switching banks, here’s what customers can do.
Freeze Your Credit
This is probably the most important thing. I did it myself and was surprised by how easy and painless it was. You can do it for free online at various credit bureaus:
You can lock your credit card using Capital One’s app and their website, but I tried it and it didn’t work. You can also pull your credit report and get a free copy once a year by going to www.annualcreditreport.com. This is the only free service authorized by the federal government.
Watch Your Transactions
Although Capital One said that credit card account numbers and account credentials weren’t leaked, it’s still a good idea to:
- Change your password, preferably using a password manager.
- Keep an eye on your transactions and report suspicious/fraudulent purchases to Capital One. This is easy to do with Capital One’s app.
Watch for Scams
Since your phone number and email address associated with your credit card are now out in the wild, be alert for email and phone scams. You can report spam text messages by copying the message and forwarding it to the number 7726 (SPAM) for free.
For spam calls, you can use an app to block robocalls. I use Nomorobo, and there are others out there. You can also configure Do Not Disturb in iOS Settings for free. This will block calls from numbers that don’t appear in your contacts.
For email scams, don’t click on any suspicious links. Most websites won’t ask for your account credentials. You can follow the instructions here to report phishing emails to Google. You can forward phishing emails to Apple at [email protected], but this is only for emails from a scammer pretending to be from Apple.
2 thoughts on “Capital One Hack: What We Know and What You Can Do”
Great writeup Andrew! One thing, there are 4 credit ratings agencies now. ChexSystem:
Make sure and take care of that one too.
Thanks, I wasn’t aware of that one. Just added.