The recent Capital One data breach potentially revealed the names, addresses, ZIP codes, phone numbers, email addresses, dates of birth and self-reported income of about 100 million people in the United States and 6 million in Canada. A smaller number of customers had their Social Security and bank account numbers compromised, according to sources at Capital One.
Paige Thompson, the suspected perpetrator of the data breach, was taken into FBI custody on Monday. Capital One believes it is unlikely that the information was used for fraud or disseminated by the suspect, but authorities are still investigating the possibility.
According to the complaint against Thompson, the suspect was allegedly able to access folders of data in Capital One’s cloud storage space because the firewall was not configured properly. Cybersecurity experts state that this type of attack could have been prevented by proper oversight and penetration testing, which tests the strength of the firewall.
Additionally, a layer of security including 24/7 monitoring would likely have detected the intrusion immediately, allowing for a rapid response.
Attacks of this scale aren’t the norm, but data breaches are becoming increasingly commonplace. Texas in particular has seen a rash of newsworthy cyberattacks. Ten financial institutions experienced a data breach in Texas just last year, compromising more than 77,000 records.
Gov. Greg Abbott recently signed HB-4390, which requires companies to notify affected individuals of a data privacy breach within 60 days. Companies must also notify the Texas Attorney General if more than 250 Texas residents are affected. (The changes will not take effect until 2020.)
The Texas Office of the Attorney General is currently determining how Texans’ information may have been impacted by the Capital One breach and what steps the Texas AG should take, according to a statement by spokesperson Marc Rylander.
What should I do?
If you’re a Capital One customer who’s concerned that your data may have been stolen, there are a few precautions that you should take:
Monitor your accounts closely. Security measures will flag an unusual expense, but if a hacker obtains access to your account and makes purchases that imitate your spending habits, they will likely not be flagged.
Consider freezing your credit. Contact one of the three credit bureaus (Equifax, Experian, or TransUnion) to prevent new accounts from being opened in your name.
Watch out for phishing scams and fraud. Hackers who have access to the stolen data are likely to reach out to Capital One customers in an attempt to scam them. Watch out for emails or phone calls from individuals claiming to be from Capital One. The actual company will not ask for your personal information via these methods.