←Back to Education Center Main

Important Update about the Capital One Data Breach

Capital One Data Breach

Late last Monday night (July 29), Capital One disclosed that it had been a victim of a data breach. The breach, which occurred on July 19, is estimated to affect about 100 million individuals in the United States and approximately 6 million in Canada. Below is an overview of the key details that are known at this time.

  • The Virginia-headquartered company says that they became aware of unauthorized access by an outside individual on July 19, 2019. The hacker was able to obtain sensitive customer information, including Social Security numbers and linked bank account numbers for a small fraction of current Capital One cardholders.
  • Capital One says the configuration vulnerability that the perpetrator exploited was immediately fixed, and the FBI has already arrested a single suspect, Paige A. Thompson of Seattle, accusing her of computer fraud and abuse.
  • Importantly, outlets have reported that it’s unlikely that the information was used for fraud or made available on the black market or elsewhere.
  • To date, investigations show that data security incident affected approximately 100 million individuals in the United States and approximately 6 million in Canada. The largest category of information compromised was information on consumers and small businesses at the time they applied for one of Capital One’s credit card products from 2005 through early 2019. This is your routine credit card application form information: names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
  • Outside of the credit card application data, the perpetrator also obtained portions of credit card customer data, including: customer status data (i.e., credit scores, credit limits, balances, payment history, and contact information) and fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
  • Lastly, about 140,000 Social Security numbers of U. S. credit card customers, 80,000 linked bank account numbers of secured credit card customers, and 1 million Social Insurance Numbers of Canadian credit card holders was hacked. Capital One says they will notify affected customers through a variety of channels.

Generali Global Assistance, partnered with the American Bar Association Insurance Program, is fully committed to the protection of your identity and personal data. As always, Resolution Specialists are available 24/7 to assist with questions or concerns. As this breaking story unfolds they will continue to monitor the situation and adjust staffing, if necessary.

Please read the following data breach safety measures to help reduce your risk:

  • Make monitoring activity on your financial and credit card accounts part of your routine.
  • Set up two-factor authentication where available for extra security.
  • Rethink the information you’re sharing online (specifically social media). With so much information leaked in breaches, hackers are able to piece together compromised information with the information you publicly share to create a holistic picture of your identity.
  • Always use strong and unique passwords, and don’t reuse passwords across multiple platforms (this allows hackers to access multiple accounts when just one is breached).
  • Be on the lookout for any phishing emails. In the aftermath of any data breach, it’s common for those affected to receive an influx of phishing emails supposedly from the organization breached or other trusted service providers. Phishing emails are a common way fraudsters can get even more personal data from you.
  • If available through their program, be sure that they have activated their credit monitoring. This will ensure that they are receiving any timely credit alerts.
  • If available through their program, be sure that they have added key information in the identity monitoring section of their portal to be monitored on the internet (surface, deep and dark web) on illicit sites where stolen person information is bought and sold. Some recommended information to monitor includes:
    • Login credentials for online accounts
    • Social Security number / Social Insurance Number
    • Email addresses
    • Date of birth
    • Debit/credit card numbers
    • Bank account numbers
    • Insurance card/policy number
    • Drivers’ license number
    • Loyalty card numbers
    • Affinity card numbers
    • Passport number

For more information about ID Theft Protection, please visit the ABA Insurance Program online here.


This information was written by and used with permission from Generali Global Assistance.


←Back to Education Center Main

The ABA Insurance Education Center is provided by USI Affinity, the administrator of the American Bar Association Insurance Program.
Unless stated, the opinions shared by USI Affinity writers do not reflect the official position of the American Bar Association.