Just as Equifax comes to a settlement with the FTC over its major data breach scandal, Capital One Financial Corp. announced on July 29 that more than 100 million people had their personal information hacked. The compromised information included credit scores and balances, ZIP codes, email addresses, dates of birth, self-reported income and payments history, fragments of transaction data, plus the Social Security numbers of about 140,000 customers and 80,000 bank-account numbers from credit-card customers.
Capital One announced that when the breach was detected, it immediately fixed the configuration vulnerability that this individual exploited and began working with federal law enforcement. The FBI has arrested the person responsible.
Capital One said no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised. The largest category of information accessed was information on consumers and small businesses as of the time they applied for credit card products from 2005 through early 2019. It will offer free credit-monitoring services to those affected.
The unauthorized access was detected on July 19. The company expects the incident to generate incremental costs of approximately $100 to $150 million in 2019.
Capital One says it will notify affected individuals through a variety of channels and will make free credit monitoring and identity protection available to everyone affected.
According to MarketWatch, “Capital One has offered $125 to anyone whose data was hacked or free credit monitoring for 10 years. However, privacy experts say credit monitoring only looks for changes on a credit report, indicating that someone is using your personal information to open new accounts in your name. But it does not prevent someone from taking out a loan in your name.”