Capital One Data Breach: Why Read the Fine Print

Capital One has already begun the notification process for the latest data breach, affecting approximately 100 million people in the US and another six million in Canada (so far). However, if you happened to hear the company's announcement about this issue, it probably sounded like everything is fine.

At least, I felt like I was on a financial roller coaster when I read the Capital One press release and saw alternating lines like this:

“Based on our analysis to date, we consider it unlikely that the information was used for fraud or disseminated by this person. However, we will continue to investigate.”

“Based on our analysis to date, this event has affected approximately 100 million people in the United States and approximately 6 million in Canada.”

“It’s important to note that no credit card account numbers or credentials have been compromised, and over 99 percent of Social Security numbers have not been compromised.”

“No bank account or social security numbers have been compromised except:

  • About 140,000 social security numbers of our credit card customers
  • About 80,000 associated bank account numbers of our clients with secured credit cards”

That’s right, Capital One is being ridiculed on the Internet for this almost nonchalant way of stating that hundreds of thousands of customers have been seriously affected by this breach.

What should you take away from this? First, always read the fine print. It is in a company’s best interest to downplay such breaches as much as possible, because they cost the company money and, at best, make it look stupid and insecure.

What sounds good if you just read the first paragraph or so, or even skim the announcement, is actually not all that good. At the very least, I don’t think coughing up 140,000 social security numbers and 80,000 bank account numbers is a good thing, and I’m sure those affected will agree with me.

Second, be skeptical. Capital One says about 106 million people were “affected” but buries in its press release the types of information that could be accessed, a piece of text that you might not notice if you are only skimming through.

“The largest category of information available is consumer and small business information at the time of application for one of our credit card products from 2005 to early 2019. This information included personal information that Capital One normally collects when it receives credit card applications, including names, addresses, zip/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. In addition to the credit card application data, the individual also received some of the credit card customer data, including:

  • Customer status data such as credit ratings, credit limits, balances, payment history, contact information.
  • Snippets of transaction data for 23 days in 2016, 2017 and 2018”

It’s not that bad, right? There is little anyone can do if your email address or birthday becomes known, and it’s more annoying than problematic if your credit score or payment history is leaked. However, an attacker could theoretically use this information on its own, or cross-reference it with other information they may have from one of the myriad other security breaches that your data is likely to be a part of, to create a bogus profile of you and submit applications for other financial services, a use of your information that could cause problems.

In addition, keep in mind that we are only at the very early stages of investigating this breach. As much as you might be tempted to ignore the Capital One issue because it didn’t seem so serious for most people, you should keep it in mind for the next few months.

Third, if you are affected in any way (and Capital One must notify you of this, so just in case, make sure you keep a close eye on your email), you need to make sure you take Capital One up on its offer of free credit monitoring. You may even already have free credit monitoring as a result of the aforementioned Equifax breach, but it never hurts to have as many services as possible looking for illegal uses of your data. If you want a head start, companies like Credit Karma will be more than happy to provide you with free credit monitoring, and it is possible that your credit card company might have some kind of free credit monitoring service as well. You can also freeze your credit files at Equifax, Experian and TransUnion.

Fourth, you will also want to make sure that you are safe from any follow-up scams after the Capital One hack. If someone calls you on the phone and asks you to “verify” your account information because they are from Capital One and they need to make sure you are safe, or some other line, tell them no. As CNBC notes, “Capital One does not call customers to provide credit card, account or social security number information by phone or email.”

Likewise, if you receive a suspicious email purporting to be from Capital One or a Capital One representative asking you to provide them with information they should theoretically already have, resist that urge. In fact, you can even call Capital One yourself to verify the legitimacy of the request before clicking on any links or submitting any responses. The last thing you want to do is survive the Capital One hack unscathed, only to hand over sensitive information to a phishing attempt.

Finally, be vigilant. I understand that it can be annoying to react to this kind of thing, especially if you are so angry that you are about to transfer your money to a new bank. Even if it is just going through the standard process of changing passwords when a breach is found at a company you use, I sympathize. Having to do all of this is annoying, but you cannot let your guard down. Continue to enable two-factor authentication. Keep checking your account for any misuse, whether a financial transaction or a login that was not you. Set up a Google Alert for Capital One so you don’t miss any important news about the hack. Breathe. You’ve got this.
