- Capital One reported that it was hit with a data breach in late March affecting an estimated 100 million users in the US.
- The breach compromised approximately 140,000 customers’ Social Security numbers and 80,000 linked bank account numbers.
- Data breaches are becoming our new normal, so it’s more important than ever to stay on top of your money with secure passwords and consistent monitoring.
- One solution, according to many experts, is freezing your credit, but that won’t protect against the most common type of identity theft.
- Visit Business Insider’s homepage for more stories.
Capital One revealed on Monday that approximately 100 million customers in the US and six million in Canada were affected by a data breach.
The breach occurred over two days in March 2019 and compromised consumers and small businesses that applied for credit cards between 2005 and early 2019. Capital One said no credit card account numbers or log-in credentials were compromised, though about 140,000 Social Security numbers and 80,000 linked bank account numbers were revealed, in addition to some customers’ personal information, like birthdates and addresses, and credit scores, credit limits, balances, payment history, and contact information.
Unfortunately, data breaches are nothing new, and they aren’t going away. In fact, between January 2017 and April 2018, at least 16 separate security breaches occurred at US retailers, Business Insider’s Mary Hanbury and Dennis Green previously reported.
Keeping our money online is convenient and easy, except in instances like this. But you still shouldn’t freak out.
As certified financial planner Lauren Lyons Cole said in an article on the Equifax breach, “Even when we take all kinds of steps to protect ourselves online, our best-laid plans can still result in financial foibles — whether as a result of our own error or a giant financial company’s.”
1. Find out if you’ve even been compromised
Capital One said it will notify affected customers “through a variety of channels,” but has not announced when that process will begin. But you don’t have to wait for an email or letter to check your credit score and/or request a free credit report.
Under federal law, all consumers are entitled to a free credit report once every 12 months. Your credit report is a snapshot of all your financial activity, past and present, and it’s an important source to check to make sure nothing’s amiss.
To request your report, go to AnnualCreditReport.com and fill out the online submission form. You’ll have the option of receiving a credit report from one of the three bureaus (Equifax, Experian, or TransUnion) or from all three. Remember that you only have access to your report three times per year, so until you’re certain your data has been compromised, hold off on requesting all three.
2. Understand how to freeze your credit, but consider your options before you do it
Freezing your credit protects against new accounts being opened in your name — one of the rarest types of identity theft out there, affecting only 4% of victims, according to Bureau of Justice Statistics (BJS) data.
The vast majority of identity theft victims — 86% in 2014 — have problems with a current account, such as a credit card or bank account, according to BJS data. Freezing your credit won’t prevent that type of crime.
If you find out that your identity has actually been compromised — as in, someone tried to open a fraudulent account in your name — then definitely freeze your credit, Lyons-Cole said. Otherwise, you may want to hold off.
“Freezing your credit means dealing with customer service agents at all three credit bureaus — Equifax, TransUnion and Experian — and keeping track of a unique pin number that you’re going to need anytime you want to open a new account or move to a new apartment. Make sure you fully understand how it works (the Federal Trade Commission has a nice breakdown) before you start the process,” Lyons-Cole said.
You may consider setting up a fraud alert instead, which requires lenders to call you and verbally verify your identity before opening any new account. You only need to call one of the credit bureaus to set up a fraud alert, as they’re required by law to notify the other two.
3. Monitor your money regularly — even if you haven’t been compromised
A money-tracking tool like Personal Capital or Mint.com makes it easy to regularly check all of your financial accounts. Make it a habit, like scrolling through Instagram every morning. If there’s an unfamiliar charge, you can identify it quickly and take action to dispute it.
“If you have been compromised, this becomes even more essential,” Lyons-Cole said. “You can monitor your credit for free with a service like Credit Karma by selecting to be notified when a new account is opened under ‘Communications and Monitoring’ in the profile settings.” But again, most identity theft occurs via accounts that are already open.
For those affected by the Capital One breach, the company said it will provide free credit monitoring and identity protection services.
4. Use secure passwords on all of your accounts, including your online shopping accounts
“This is like eating your vegetables: You know you should do it, but it’s not fun and you’d rather not. I get it,” Lyons-Cole said. “But any data security expert will tell you secure passwords are a necessity. Every site you use should have a different password, and it shouldn’t be easy to guess.”
You can use a tool like LastPass or 1Password to generate and keep track of all your online passwords.
5. Optimize your money management and credit usage
A breach like this is a good reminder to check your credit score, pull your credit report, and review the way you’re currently managing your money. There may be things you can do to improve your credit score, fix any errors on your credit report, and optimize your collection of credit cards.
“Considering data breaches are more or less our new normal, the only thing we can really do is the one thing we should be doing anyway: staying on top of our money and fixing any issues as soon as we can. No one is going to be more interested in your financial situation than you are. Not even a hacker,” Lyons-Cole said.
6. File your taxes early
The IRS is cracking down on tax fraud, but there could be an uptick after a data breach of this size. Get your tax information organized early and submit your return as soon as you receive your W-2 and 1099 forms in January 2020. Added benefit: If you’re due a refund, you’ll get it sooner, and if you owe taxes, the amount isn’t due until April 15 regardless of when you submit your return.