The news of another massive online data breach may make you feel powerless to safeguard your financial privacy. But you can take some concrete steps to protect yourself in the aftermath of the recent Capital One case, as well as other breaches.
“If you needed yet another nudge to start keeping an eye on your credit report to protect against identity theft, Capital One has delivered it,” explains Federal Trade Commission (FTC) attorney Seena Gressin in an article on the FTC website.
Individuals and Businesses Affected
If you were a victim of the recent Capital One breach, you're not alone. About 100 million people in the United States were initially reported to be affected. These were credit card customers and applicants (both individuals and small businesses), according to Capital One. The company has acknowledged that the compromised information included:
- Credit scores,
- Credit limits,
- Payment history and
- Contact information.
Other information potentially gained includes home and email addresses, birthdates, phone numbers and self-reported income. Particularly concerning may be the revelation that 140,000 Social Security numbers were initially estimated to be compromised.
Safeguarding Your Information
There's no way to guarantee that your personal information won't be hacked in today's online environment. But you should consider these seven protective measures.
1. Get answers. Capital One has established a hotline at 1-800-227-4825. The company also answers some basic questions in this frequently-asked-questions page.
2. Check for suspicious activity. Sign up for online or text alerts of credit card usage. “We encourage customers to monitor their credit card accounts for unusual or suspicious activity. If they notice any activity that they do not recognize … call the number on the back of their Capital One card or on their statement as soon as possible.” Capital One states that “free credit monitoring and identity protection is available to everyone affected.”
3. Change passwords. This advice applies not only to a Capital One account affected, but also to any other accounts that use the same password. In the Capital One incident, the company estimates that about “80,000 linked bank account numbers of our secured credit card customers” were exposed. Updating your password may seem annoying but it helps protect your accounts from hackers. The FTC's advice on picking a new password: “Make your password long, strong and complex. That means at least twelve characters, mixed with uppercase and lowercase letters, numbers, and symbols.”
4. Take advantage of a free annual credit checkup. Under the Fair Credit Reporting Act, you're allowed to obtain free annual credit reports from major reporting firms Equifax, Experian and TransUnion. This can be done by going to https://www.annualcreditreport.com or calling 1-877-322-8228. The form to request credit reports can also be mailed. When reviewing your reports, keep an eye out for items that seem unfamiliar. Identity theft can be spotted in accounts or activity that you don't recognize.
5. Put your credit in a “deep freeze” to make it harder for criminals to prey on you. A credit or security freeze is done by requesting the credit reporting agencies — Equifax, Experian and TransUnion — to block access to your credit files. It makes it harder for someone to open a new account in your name. And it's also free under federal law. However, keep in mind that a credit freeze won't prevent a thief from making charges to your existing accounts. You can request a freeze from the credit companies online or by phone.
6. Ask the credit reporting agencies to place a “fraud alert” on your credit report. This will warn creditors that you may be a victim of ID theft. Fraud alerts are free from all three major credit reporting agencies. When you have an alert on your report, a business must verify your identity before it issues credit. The alert stays on your report for a period of time and can be renewed.
7. Be aware of post-breach “phishing scams” by criminals taking advantage of the news. Both the FTC and Capital One warn against answering emails purportedly from the bank about the scandal. Capital One tells consumers that it won't ask for personal information in emails. And the same warnings go for unsolicited phone calls. Online or off, it's always a good idea to confirm the legitimacy of anyone who claims to be handling your financial information — and who is seeking personal details from you.
News of the Capital One breach comes just one week after the FTC announced that Equifax agreed to pay at least $575 million to settle a lawsuit brought by the FTC, the Consumer Financial Protection Bureau, and 50 states and territories. The lawsuit alleged that Equifax failed to take reasonable steps to secure its network and that failure led to a data breach in 2017 that affected approximately 147 million people.
Data breaches, like those at Capital One and Equifax, are an unfortunate part of life today. As a result, ongoing credit monitoring is essential. Proactive consumers must continue to watch their credit card and bank accounts closely for unusual activity.
Contact your financial advisor for more details on how you can strengthen your private financial information against misuse and fraud.