What is a 'data breach?'
Many companies collect a variety of information about people who do business with them, and they often store that information to use for later marketing efforts. When unauthorized people ('hackers') obtain personal information from a company which collects or stores that information, it is called a "data breach."
What information did the Capital One data breach involve?
The majority of the information the hacker obtained was from applications for a credit card. Whatever information was used to apply for a card is involved. This usually means your name, address, birth date, and potentially your email addresses. It may also involve social security numbers, bank records, credit scoring information, or income information.
In addition, for people who had a "secured card" (a card for which the borrower must deposit money before being able to use the card), bank account numbers were compromised. Capital One has said about 80,000 people had their bank account information obtained.
How can I tell if my information was at risk?
If you had a Capital One credit card at any time after 2005, or if you applied for a Capital One card at any time in 2005 or after, your information was most likely compromised, since 106,000,000 people were affected. But there is no sure way to tell, so you should take steps to protect yourself.
Since they discovered the problem, does that mean I don't have to worry anymore?
No. The information taken from Capital One's servers was posted publicly on a website, and may have been disseminated further to other hackers or criminals.
In addition, it is not clear if the individual arrested for the hacking made it possible for others to get this information directly from Capital One without detection. Since there was a period of several months between when the original breach occurred, and when it was discovered, other individuals may have gained access to the same information and used it themselves.
What can I do to protect myself from identity theft?
You should get credit monitoring. Many banks and credit unions will provide credit monitoring as a free service. Credit Karma also lets you check your credit on a regular basis to see if your score has changed or inquiries have been made.
You can also purchase identity theft insurance. This is different than credit protection or credit monitoring. Identity theft insurance is usually available through your homeowners' or renter's insurance agency, and can provide insurance to cover the cost and damages if you are the victim of identity theft.
You should also take steps to protect your information. Simple precautions include: changing your passwords and pins on any website that includes your financial information. This includes banking websites, retirement and investment account websites, and shopping sites (or payment sites such as Paypal or Venmo) where you have banking, credit card, or other personal information.
Finally, never give out any banking or personal information to anyone who contacts you by phone or electronically. If someone calls you attempting to obtain that information, get their name, the company they are calling from and an identification number/badge, and then call them back at a number you obtain yourself from the company's website or customer service center. Do not open emails or electronic communications from senders you do not recognize, or which ask you to download items or provide information.
What if I feel I've been harmed by this?
Lawton & Cates has filed a class action seeking to collect damages on behalf of Wisconsin residents who have been harmed by the release of their information. If you would like to discuss your situation further to see if you have legal remedies or are in need of protection or help, click this link.