Capital One Data Security Breach
Why the largest bank in Virginia was just fined $80 million and why you should care:
In March 2019 Capital One suffered a data security breach in which the social security numbers, bank account numbers, and credit card applications of over 100 million people were compromised when a software engineer from Seattle hacked into the bank’s servers.
The hacker, a former Amazon employee, was arrested in July 2019 and is currently facing federal criminal charges.
If Capital One was the victim of a crime, why was the bank fined $80 million by federal bank regulators and how does this affect you?
We provide our personally identifiable information (e.g., name, birthdate, social security number) to banks, medical care providers, insurance companies, credit card companies, wireless service providers, and countless others. Most of us provide that information with little thought about what happens to it after sharing because we trust that it will be safeguarded appropriately. After all, these companies and service providers are obligated by federal and state laws to take precautions to protect your information.
In this case, federal banking regulators found that Capital One engaged in unsafe and unsound information technology practices which failed to adequately protect customer information in its cloud environment. Specifically, the regulators found that in 2015 Capital One failed to establish an enterprise-wide risk management program prior to migrating its information technology operations to the cloud operating environment. Capital One did not implement sufficient network security controls, data loss prevention controls, or effective alerts. Further, the Federal Reserve Bank of Richmond had previously identified deficiencies in Capital One’s risk management program and Capital One failed to correct them.
As a result of these findings and its shortcomings, Capital One agreed to pay an $80 million fine. It will also be required to submit written action plans to address the cybersecurity deficiencies and status reports on the progress of the implementation of the new security measures to federal regulatory agencies, including the Federal Reserve Board.
Even if you were not affected by the Capital One breach, data breaches are occurring at unprecedented rates and identity theft is the most common consequence of a data breach. Here are some statistics for you to consider:
- There were 146 million exposed records from data breaches in 2019
- 14.4 million consumers became victims of identity fraud in 2019
- Identity theft and fraud cost consumers more than $1.9 billion in 2019
- 33% of U.S. adults have experienced identity theft
- There’s a new victim of identity theft every 2 seconds
What can you do to help protect your data?
1) Keep your information secure offline
- Lock your financial documents and records such as your social security card and birth certificate in a safe place at home
- Keep your wallet or purse secured when you’re at work
- Do not carry your social security card in your wallet or purse
- Before you share your information with a business or at a doctor’s office, ask why they need it, how they will safeguard it, and the consequences of not sharing your information with them (oftentimes they don’t really need it)
2) Keep your information secure online
- Don’t give out personal information on the phone, through the mail, or over the internet unless you’ve initiated the contact or know who you’re dealing with
- If a company you have an account with sends you an email asking for personal information, don’t click on links in the email. Instead, go to the company’s website and contact them or call the customer service number on your account statement to avoid fake links
- Don’t share your information when connected to public WiFi without using a VPN (virtual private network) and secure your home WiFi network with a strong password
- Use strong passwords with your laptop, credit, bank, and other accounts and keep those passwords private
- Use a password or PIN lock on your smartphone
- Be careful how much information you share on social media. Don’t post your full name, address, phone number, etc. on publicly accessible sites.
3) Monitor your credit
- Regularly check your banking records for any fraudulent or suspicious activity
- Monitor your credit report for unauthorized credit inquiries, accounts or account activity that does not belong to you, and incorrect identifying information such as the wrong address
- Many credit cards offer credit monitoring as a free feature and there are two free services to check the three major credit reporting agencies – www.creditkarma.com and www.creditsesame.com
- Pull and review your credit report yearly for free from www.annualcreditreport.com
What should you do if you think your data has been compromised?
1) Place a fraud alert on your credit report
- If you think your data may have been compromised, contact one of the three credit reporting bureaus (Experian, TransUnion, Equifax) and ask to place a fraud alert on your credit report. That reporting bureau will contact the other two and the fraud alert will last for one year
- The fraud alert can make it harder for someone to fraudulently open accounts in your name by requiring the business to take additional steps to verify your identity before approving credit applications in your name
- Immediately file disputes with the reporting bureaus if you discover any inaccurate information on your credit report
2) File an identity theft report with the Federal Trade Commission
- If you know you’ve been the victim of identity theft you should file a report with the FTC at the following address: https://www.ftc.gov/complaint
- You should also file a police report with your local police department
- Filing these reports will help you in any disputes over fraudulent activity that may arise
3) Notify your banking institutions and change/cancel accounts and cards
- If you suspect your information has been compromised, canceling cards and changing bank account numbers can help prevent identity theft before it occurs
- Notify your credit card company or bank immediately if you discover any fraudulent charges or activity on your accounts
4) Contact us for legal advice or questions
- If you have any questions about how to handle issues with potential identity theft or the compromise of your personal information, we are happy to help answer your questions and provide guidance on your best course of action
- If you have alerted the credit bureaus to inaccurate information on your credit report and they have not corrected the reporting, you may have a legal claim under the Fair Credit Reporting Act