What You Need to Know About the Capital One Data Breach

How to find out if your data was compromised and what to do next

open padlock on credit card on computer keyboard

 weerapatkiatdumrong/Getty Images

If you’re a Capital One customer, then it may be time to take stock of your accounts.  

In August 2019, the financial services company announced a significant data breach—to the tune of approximately 100 million people in the U.S. and around 6 million in Canada. According to information released by the company, an individual gained access to personal information of current Capital One customers and those who applied for a credit card in the past 14 years. The personal information included credit scores, Social Security numbers, and bank account numbers. 

But don’t panic just yet. The company also stated that it didn’t believe the stolen data was used for fraudulent activity, that no credit card numbers or login credentials were compromised, and that the responsible individual has been arrested. 

If you think you may have been affected by this data breach, read on. We’ll outline how to determine if your information was compromised, best practices after a data breach, how to spot fraudulent charges in the aftermath of one, and how to report fraud. 

How to Know if Your Information Was Compromised

In this particular instance, Capital One says it will notify customers it believes to be affected by the breach via mail to offer two years of free credit monitoring and identity protection. It’s only reaching out to those with compromised Social Security numbers or linked bank account numbers.

But don’t just take their word for it. Comb through your credit card history, bank account charges, and credit report for potentially fraudulent activity. 

Beware of phishing scams from entities posing as Capital One, the government, or another bank, which may tell you you’re affected when you haven’t been. These scammers may call, e-mail or text you—but Capital One is contacting individuals only by mail, not any other method. 

How to Spot Fraud After the Capital One Data Breach 

Check your free annual credit reports for any new-to-you accounts or charges. As well, you may want to file taxes early this year. Scammers can use your Social Security number to seek a tax refund or a job. If you receive a letter (not a call, e-mail, or text) from the IRS, respond immediately. 

Keep your receipts for all monthly spending, then carefully compare them with your credit card and bank account statement. If the account is shared, be sure you’re both on the lookout for charges that aren’t in line with where you normally shop or that are larger than normal. 

Also, be aware that many scammers will charge a nominal amount to your card first to test the account, then follow up with a larger, unauthorized credit card charge. Review your statements for charges of a few dollars for accuracy. More importantly, ensure those small charges aren’t followed by another larger, fraudulent charge. 

Note that many banks offer a service that will alert you if a charge is over a certain amount, like $100. It’s a good way to spot fraudulent charges within moments of occurrence. 

How to Report Fraud 

To report fraudulent charges from your bank account or on your credit card, contact your bank, card issuer, or credit union as soon as possible. The sooner you report a fraudulent charge, the better your chances of recouping that money—and preventing further fraud. 

Although all major credit card companies have $0 fraud liability policies, it’s good to know your legal rights, too. According to federal law, you have 60 days from the date of the first fraudulent bill to report credit card fraud. For debit cards, you have two business days to report the loss, or possibly forfeit the federally-mandated maximum liability of $50. If you wait longer than two days to report the theft, you can be liable for up to $500 in fraudulent charges. More than 60 days, and you could lose all the money taken from your account. 

You also may need to file a police report if you find fraudulent charges were made. This can help protect you from further fraud and can help your case with your credit card company or bank in recouping your money. 

And perhaps more importantly, if your information has been compromised and/or fraudulent charges were made, freeze your credit while you work to resolve the issue. This restricts access to your credit report, which means thieves can’t open new accounts in your name. 

Freezing your credit will also make it harder for you to apply for credit. If you’re less sure about whether you’ve been a victim of fraud, you could place a fraud alert on your credit reports, which lets lenders know you may be a victim of identity theft and they should take extra steps to validate your identity before extending you credit. 

Best Practices After a Data Breach 

Regardless of whether you were affected by this particular data breach, it’s always a smart move to keep close tabs on sensitive personal information such as bank account numbers and Social Security numbers. Keep your passwords safe, and change them often. Don’t use the same information on multiple websites.

Free credit card alerts through your credit card issuer can notify you immediately when the card is used. You can set alerts for purchases over a certain size, say $100.

Review your credit reports annually, and you could consider investing in a credit monitoring service, which will alert you to potentially fraudulent activity. Be sure to choose one that covers all three credit reporting bureaus. 

If you’d like to add another layer of protection, consider identity theft protection plans, which might offer credit monitoring, identity monitoring (if your personal information is being used, but not yet in ways related to your credit report), identity recovery (to address identity theft issues), and identity theft insurance.