Capital One Data Breach Impacts Over 100 Million People

Filed Under: Capital One

It’s a day that ends in “y,” and you know what that means… there was another data breach!

Capital One data breach impacts 100+ million people

Capital One has announced a data breach, where on July 19, 2019, they discovered there was unauthorized access by an outside individual who obtained certain types of personal information related to card members.

Capital One says that they immediately fixed the configuration vulnerability that the individual exploited, and they have worked with federal law enforcement. The FBI has arrested the person responsible for this.

Capital One says that they believe it is unlikely that the information was used for fraud or disseminated by this individual, though they are still investigating.

This breach impacts approximately 100 million individuals in the United States, and up to six million individuals in Canada.

While no credit card account numbers or log-in credentials were compromised, some social security numbers were compromised.

For those who applied for cards between 2005 and early 2019, it’s possible that information including names, addresses, zip codes, phone numbers, email addresses, dates of birth, and self-reported income was compromised.

Beyond that, the following may have been compromised:

  • Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018

No bank account numbers or Social Security numbers were compromised, other than:

  • About 140,000 Social Security numbers of credit card customers
  • About 80,000 linked bank account numbers of secured credit card customers

Capital One says that they’ll notify the individuals impacted through a variety of channels, and will offer free credit monitoring and identity protection to everyone affected.

Apparently the 140,000 Social Security numbers that were compromised were for those who applied for small business credit cards as sole proprietorships, using their Social Security number as their Tax ID.

My take

Maybe I’m being too casual about here, but am I the only one who is at the point where I’m just totally desensitized to this stuff?

Sure, I don’t like the idea of my data being stolen, but I also don’t think being too worried will get me anywhere? I provide my fingerprints when I enter China. I “expose” my credit card number every time I go to a restaurant. I feel like there are so many parties that have my data, and the best I can do is frequently monitor my credit and hope for the best.

That’s really the extent of my feelings on this, for better or worse.

  1. I doubt there are many people that are left that don’t have their numbers on the dark web from Marriott, Target, etc, so it’s probably more like 2 million.

  2. My hope is that Paige was not connected to any (more) evil people. Seems by reading the papers, she was just a disgruntled screw-up. Hopefully.

  3. You’ve fallen into the trap of parroting their PR spin of “No SSNs were compromised other than.…” instead of “x SSNs were compromised”. It is even more egregious in their communication as below the bold heading of “No SSNs were compromised” they mention that 1 million Canadian SINs (the functional equivalent in Canada of SSNs) were compromised, which is pretty significant in a country of 37 million people.

  4. These banks and large companies will continue to have a reckless disregard for consumer information security until the penalties become really significant and perhaps criminal negligence charges brought against the leadership. It’s clear that these companies aren’t spending enough to protect us and at the end of the day, the victims are left to fend for themselves, with the attorneys and federal government benefiting from the fines assessed, not the little people who are affected. If a few CEOs along with Ms. Paige go to jail then maybe this stuff will get cleaned up.

  5. Is it bad that my immediate reaction is “can’t wait for the class action lawsuit so I can get my 40 bucks”?

  6. I have a freeze on all three credit bureaus. I have extra low tax withholding so never get a refund, so don’t worry about somebody filing a fake return. Crazy times we’re living in.

  7. The functioning of US society relies so much on the personal credit profiles, yet the safeguard for these is mismatchingly minimal. Is it that difficult to learn to be a developed country?

  8. I am not too concerned about the credit card numbers due to protections that are in place, but it is more the other information that is gathered that can be used to do the take over of your identity. I am looking for the day when the US develop regulations similar to Europe’s GRPR that allows individuals to control what type of data is available/collected on the web. No, it won’t stop identify takeovers, but will slow down the huge databases of personal data being collected that put together for that reason is my huge concern. Besides the “dark web” look at the amount of data that paid services provide like truthfinder, mylife, etc where you can’t control information that is collected. Facebook, linkedin, etc. are controllable to what you provide. Our kids will never knew what privacy used to be.

Leave a Reply

Your email address will not be published. Required fields are marked *