Update: Despite Capital One stating that the information was not disseminated the hacker posted it on their public github and at least one person accessed that data (as they reported the breach to Capital One). Wired has more in depth information on this.
Capital One has announced that data of approximately 100 million individuals in the United States (and approximately 6 million in Canada) has been accessed by an outside individual in the latest data breach. The FBI has arrested the individual responsible for the breach and Capital One believes that the information stolen has not been disseminated.
Key Facts
- No credit card numbers or log in details were stolen
- Over 99% of social security numbers were not compromised (140,000 social security numbers were stolen & 80,000 linked bank account numbers). The social security numbers that were stolen were from customers that used their Social Security number as their Employer Identification number in applying for small business credit cards
- Stolen data includes names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income
- Credit credit data was also stolen:
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
Final Thoughts
It’s unclear how Capital One will be helping affected customers at this stage. It’s good that the individual has been apprehended but I’m always cautious when corporations say that the data has not been disseminated as we do not know on what basis they are making that claim and often times that statement is revised down the line as new information comes to light.
I’ve said it before and I’ll say it again, until the penalties for data breaches are increased they will continue to occur at an alarming rate. The damage that can be done to individuals when this data is stolen can be significant and I don’t believe corporations are investing enough resources into informational security.
Got a letter from Cap One today re: data breach, they are offering two years of credit monitoring thru “myTrueidentity” (part of Transunion). Anyone know more about this or have any opinions regarding this?
Anything can happen and I mean anything at any given time regardless of efforts to stop it.REGARDLESS!!! It will happen anyway and is happening at this very moment.
There is no getting around it,”the love of money is A root of evil!!! So go for it……
I wonder if Capital One is now regretting having turned away so many potential paying customers. They could probably use that extra cash now.
I know someone who used a social security number as an EIN for a small business card (those were the only people affected) and someone tried to sign up for a cc in their name may be a coincidence but I doubt it. These big mean credit card companies should be heavily fined for such activity this is getting out of hand. Every other day you hear about another breach. Be on the lookout folks!
Whoever wrote the line “No bank account numbers or Social Security numbers were compromised” other than about 140,000 Social Security Numbers and 80,000 bank account numbers, should be fired. Talk about downplaying a serious situation.
Considering the hackers in the Equifax breach got off scot free, and the Equifax employees and executives got off with a slap on the wrist. Sure, they paid out some money, but they can earn more by selling peoples’ information without their consent. I don’t think any executives got fired, much less convicted and sent to prison for a few years.
I’d wager the settlement is part of a civil suit, not a criminal complaint, so nobody’s careers are at risk.
We’re paying for her lawyer and giving logs to prove insanity. Things are likely going to work out for erratic. She’s hopefully finally going to get the help she deserves after all these years.
Most of the IT department got fired and they’re hiring new at capital one, though.
Credit Monitoring is the new “Going to the Rehab” — and both equally useless. Actually CM is far worse. They’ll spam your emails forever, and you can’t turn them off without opening a new account and paying ransom.
So this is everybody who applied this way or just a portion “The social security numbers that were stolen were from customers that used their Social Security number as their Employer Identification number in applying for small business credit cards”
Sounds like the only compromised SS# are from those who applied with it as EIN. Based on the dates, it’s probably likely a high percentage of those individuals are hobbyists and in this community. Getting an EIN is completely free and a good failsafe for this exact reason.
My capital one card is the oldest card I have. I have unsuccessfully requested a credit limit increase each year for the last 6 years. All other cards I have regularly approve limit increases over the years with zero denials. So I gave up with Crapital One and didn’t bother to even put in a request this year.
Suddenly, this Saturday out of nowhere, I received an email from them stating they automatically increased my limit. Two days later, this data breach comes out. If this wasn’t just a ploy to retain my business since they were about to disclose the breach, then it’s a very strange coincidence.
Me wiping my tears with all the $125 settlement checks…
Let’s wait to see if you actually get one. I bet Equifax ends up being about $0.5