On July 29, Capital One announced it experienced a data breach affecting over 100 million customers. While that is an enormous number it represents only 1.4% of nearly 8 billion publicly disclosed account compromises. Considering there are 10 – 20x as many unreported breaches and compromised accounts, 100 Million Capital One breached accounts is only 1/10th of 1% of all breaches. Given this sorry state of Cybersecurity, how can we put this breach into perspective? More importantly, what should we be doing in light of this “financial data” breach at Capital One?
What Was Compromised?
Capital One released a statement saying, “no credit card account numbers or log in credentials were compromised and over 99 percent of Social Security Numbers were not compromised”. What is currently public as compromised data are 140,000 customers Social Security Numbers (Social Insurance for Canadians) and 80,000 linked bank account numbers. That leaves 99.8% of the breached accounts as undisclosed by Capital One. It is still very early in the investigation so expect these numbers to change and be adjusted. We just don’t know the extent of what was stolen or breached and how it will affect us. Yet, even without that information, we can make recommendations to you for what you should do to protect you and your loved ones.
What Can I Do?
Freeze your Credit at all Four (4) Credit Reporting Agencies
This LifeLock article walks you through how to freeze your credit at three major credit agencies. However, know that there are actually four credit agencies you need to freeze your credit at. Hackers know this and will attempt to retrieve your credit from the smaller credit agency known as Innovis. CyberHoot advises consumers put a full Credit Freeze on your financial accounts using these links: Transunion, Equifax, Experion, and Innovis. Some of the credit monitoring agencies offer additional notification services such as texting you whenever your credit is pinged. Enable text alerts if possible to keep track of anyone actively touching your credit data.
Besides the Credit Freezes, is there anything else I should do?
Yes. Following the Anthem and Equifax breaches a few years ago hackers have been submitting fraudulent tax returns before legitimate tax payers could do so using our stolen personal data. Consumers have lost time and money regaining access to their own tax accounts. Unfortunately, this could happen all over again with this Capital One breach because hackers likely have the data they need to submit fraudulent tax returns from this breach. The IRS has acknowledged this problem and will provide anyone who has had a false return filed in their name to get a PIN number that is required to submit their taxes. Unfortunately, unless your taxes have been hacked, you can’t get that PIN to protect yourself. Consequently, CyberHoot also suggests that you get your tax documents in order and submit your taxes as early as possible next January to pre-empt any hacker attempt to submit a false return in your name!
If you would like more tips on what you or your business can do to prevent something like this happening to you; read our article on the Quest Diagnostics Breach.
Summary
Anytime static data that cannot be recreated is breached there are long-term consequences which is the case with the above mentioned breaches (Anthem, Equifax, and now Capital One). Putting a credit freeze on your account will protect you from hackers taking credit terms out in your name, but doesn’t prevent them from submitting fraudulent tax returns. Freeze your Credit, submit your taxes early, and continue to educate yourself on Cybersecurity topics.
Author, Craig, Co-Founder – CyberHoot
Author, Ty Mezquita, Blogger/Social Media – CyberHoot