On Monday, July 29, 2019, Capital One announced that it had suffered a data breach in which a cybercriminal accessed the personal information of about 100 million individuals in the United States and approximately 6 million in Canada.

In an announcement, Capital One stated that the affected data included people who had applied for its credit card products and Capital One credit card customers. At this time, about 140,000 Social Security Numbers of the company’s credit card customers and about 80,000 linked bank account numbers of its secured credit card customers have also been accessed. To date, no credit card numbers or online account credentials appear to have been compromised.

To date, the compromised data includes:

• Names
• Addresses
• Zip codes/postal codes
• Phone numbers
• Email addresses
• Dates of birth
• Applicant income
• Credit scores
• Credit limits
• Balances
• Payment history

If you’re a Capital One Customer or believe your data may be among that which was accessed, here are 5 steps you can take to help safeguard your personal information and mitigate any impact:

Check your account(s)
Review recent account activity and statements for any suspicious transactions or payments you don’t remember making. If you find anything concerning, report it to the appropriate financial institution as quickly as possible. You should be able to freeze your Capital One card so no additional purchases can be made.

Freeze your credit
Freezing your credit means that no individual or company can access your credit reports without your explicit permission. This means that fraudsters are unable to apply for loans in your name because the bank is unable to verify your eligibility. If you believe your information was compromised in this breach, we highly recommend this step.

To freeze your credit, you’ll need to place a request with the three major credit bureaus: Equifax, Experian and TransUnion.

• Change your account passphrases
  In this case, log-in credentials were not among the compromised information, but it is always better to be safe than sorry. Here are best practices for making strong passphrases.
• Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music”). On many sites, you can even include a space
• Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cybercriminals
• Write it down and keep it safe: Everyone can forget a passphrase. Keep a list that’s stored in a safe, secure place away from your computer. As an alternative, you can use a service like a passphrase manager to keep track
  Learn more about passphrases.

Turn on multi-factor authentication for added account security
Typing a username and passphrase to access a website isn’t the only or most secure way to identify yourself when logging in. Services such as multi-factor authentication (frequently referred to as MFA and two-factor) uses biometrics, security keys or a unique one-time code through an app on your mobile device to verify that you’re the true owner of the account.

Learn more about multi-factor authentication.

Keep your eyes peeled for scams
When it comes to scammers, there’s no rest for the wicked. In the wake of any large data breach, thieves will leverage heightened panic to prey on unsuspecting victims by sending fake settlement or notice emails (phish) or making phone calls that implore you to act immediately or are threatening in nature. Remain vigilant to these tactics by familiarizing yourself with online safety best practices.

Cybercriminals don’t discriminate when data is involved. Whether you’re an individual or business, it is critical to Own IT. Secure IT. Protect IT. You can learn more about how to do so during National Cybersecurity Awareness Month, held annually during October and co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency.

To receive the latest cybersecurity news and advice, sign up for our email list below.