Capital One announced Monday that a hacker had accessed a trove of the bank’s credit card application data, exposing the personal information of about 100 million U.S. customers.

The Capital One hack appears to be one of the largest data breaches to hit a financial services firm. In 2017, the credit-reporting company Equifax disclosed that hackers had stolen the personal information of 147 million people. Last week, it reached a $700 million settlement with U.S. regulators over that breach.

The FBI arrested a Seattle software engineer, Paige A. Thompson, on a charge of computer fraud and abuse, according to court records. Thompson once worked for Amazon Web Services, which hosted the Capitol One database that was breached.

About 140,000 Social Security numbers and 80,000 bank account numbers were compromised in the hack, the bank said. The hacker also accessed financial information such as credit scores and balances, and personal information such as addresses, birthdays and contact information. Roughly 6 million Canadian customers also were affected, Capital One said, with about 1 million Canadian Social Insurance numbers compromised.

Worried your data might have been exposed in the hack? Here’s how to make sure your accounts are secure and to safeguard yourself against future attacks.

Check your accounts for suspicious activity


Capital One will notify customers affected by the breach and is offering free credit monitoring and identity protection.

In the meantime, check your recent credit card statements and bank account transactions for suspicious activity. You should also check your credit report to see if any false accounts or credit cards have been opened in your name.

Freeze your credit

Ted Rossman, a analyst, said in a statement to The Washington Post that it’s free and easy to do online or over the phone.

“The number one thing consumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian and TransUnion,” Rossman said. “This is the best way to prevent a criminal from opening an unauthorized account in your name. Unfortunately, only about 1 in 4 U.S. adults have frozen their credit.” This means that creditors can’t access your credit or open accounts in your name.

Change your passwords often

Rossman said found in a poll that more than 80 percent of adults in the United States reuse passwords. Setting up two-factor authentication, a second level of logging into your personal accounts, is also a good idea, whether that’s through an SMS message sent to your phone or an external app such as Google Authenticator.

Related Headlines

Only subscribers are eligible to post comments. Please subscribe or login to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.