
On Monday, Capital One revealed a major security breach that affected approximately 100 million American cardholders and applicants.

Capital One discovered the breach on July 19 after an internal investigation. The unauthorized access to the data itself took place on March 22 and 23 of this year. An individual has been arrested in connection with the incident, according to the Justice Department.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, chairman and CEO of Capital One, said in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Here’s how you may be affected and what you can do now to protect your information.

The impact

Capital One says about 100 million people in the United States and an additional 6 million in Canada were impacted by the data breach.

No credit card account numbers or log-in credentials were compromised.

Most of the affected data was application information provided by consumers and small businesses from 2005 through early 2019, according to the bank. That may include personal information like names, addresses, phone numbers, email addresses and self-reported incomes. Additionally, some individuals’ credit information, such as credit score, credit limit and payment history, was compromised.

About 140,000 Social Security numbers of credit card customers and about 80,000 linked bank account numbers of secured credit card customers were also affected.

This news comes just one week after Equifax reached a settlement in relation to its 2017 breach, which affected more than 147 million consumers.

How did this happen?

Media reports have identified Paige Thompson, a software engineer and former Amazon employee, as the alleged sole perpetrator of the breach.

Thompson, a resident of Seattle, was arrested by the FBI in relation to the incident on Monday. Capital One says the information was accessed by exploiting a firewall configuration vulnerability in the cloud server used to store data.

Capital One says “it is unlikely that the information was used for fraud or disseminated,” but the investigation is still ongoing.

Financial consequences

Capital One says the breach will cost the company an estimated $100 to $150 million in 2019.

Capital One Financial Corp. shares fell by 7 percent on Tuesday as a result of the incident, which the Wall Street Journal reports puts the bank on pace for its worst performance since 2015.

How to tell if you were affected

If your data was compromised in the breach, you will be notified by Capital One “through a variety of channels,” the bank says.

Capital One will also provide free credit monitoring and identity protection services to affected customers.

Protect your information

“If you believe you are at risk due to a data breach, you should take steps to block access to your personal information and remain vigilant,” says Bruce McClary, vice president of marketing at the National Foundation for Credit Counseling. “This is especially important for lines of credit and bank accounts.”

Begin by freezing your credit. This will prevent anyone with access to your data from viewing your report or successfully opening accounts in your name. The service is free, but you must reach out to all three credit bureaus (Equifax, Experian and TransUnion) to complete the freeze.

Capital One will provide free credit monitoring services to those affected, but you can also monitor your credit on your own. Regularly check your credit report to ensure that no unauthorized activity has taken place and that all of your accounts are up-to-date and legitimate.

“Most credit cards and checking accounts offer customizable alerts that can notify the account holder of activity in real-time,” McClary says. “Alerts can help account holders take faster action to report suspicious activity and avoid the financial damage caused by unauthorized transactions that might otherwise go unnoticed.”