Outside of Capital One Bank building in New York, New York

Outside of Capital One Bank building in New York, New York


If you’re a Capital One customer, then you may have had your data compromised. Back in March, a software engineer exploited Capital One’s security in order to gain access to millions of people’s user data.

Over 100 million people residing in the United States have had their data compromised, not to mention an additional 6 million individuals in Canada. According to Capital One roughly 80,000 bank account numbers, 1 million Canadian Social Insurance numbers, and 140,000 Social Security numbers were exposed in the process. Obviously, the full ramifications of this breach have not yet been felt.

However, there’s no need to worry if you’re a Capital One customer, the company says. There are certain steps you can take to ensure that you’ll come out of this predicament in tip-top shape, regardless of whether your data was exposed or not.

Here’s what we recommend you do.

Like Douglas Adams said, don’t panic

First things first: grease up those elbows. According to Erica Sandberg, a San Francisco-based consumer finance expert, you should “get ready to spend some time and energy,” to find out whether or not you’re in the clear.

While Capital One has said that they will notify all the victims of the breach, in addition to offering them free identity protection services and credit monitoring, you should still call the company to find out whether anything is amiss. After all, the company already let hundreds of millions of user’s data be compromised – they might forget to notify some people. However, you should take advantage of the services they offer – it’s the least they can do, after all.

Manually look over your accounts

Really take the time to pore over your banking and credit card statements, and instantly flag any activity that’s even vaguely suspicious. Make a note of anything that looks incorrect to Capital One as soon as possible.

Sara Rathner, a credit expert with finance website NerdWallet, said “If you find suspicious activity on even your best credit cards, banks like Capital One allow you to freeze your card so that purchases can no longer be made.You can do this easily on the Capital One app or online.”

Most banks have services like this, but at Capital One the freeze should be instantenous.

Some experts, like Sandberg, recommend lots of caution to miss out on any potential future hacks. After all, there have been many financial hacks at this point in time – there are bound to be more.

“Change your passwords on all accounts,” advises Sandberg. “Yes, again.”

Capital One Bank's Venture Card, the front design of their best traveler's credit card

Capital One Bank’s Venture Card, the front design of their best traveler’s credit card

Take out some cash and freeze your credit

This step may seem like a hasty one, but it’s recommended if you’re worried about anyone using your credit. Basically, no one can take out a loan in your name, as banks won’t be able to access your credit report, resulting in an automatic loan denial.

Obviously, this step can have negative effects on you, so if you have any big purchases in the works, then give yourself time to unfreeze your credit before trying to purchase anything that would require credit. Planning is essential on your part.

Stay aware

Cybersecurity attacks like this one occur regularly, but there are plenty of ways for you to ensure your safety in the event of a security breach.

Experts say the most important thing is vigilance.

If your bank doesn’t already offer a credit monitoring service, then consider signing up for one. This is an easy way to stay up to date on your scores and any loans in your name.

Obviously, you don’t have to use a service, but the alternative is to check on all the reports yourself. If you choose this option, just make sure to do it regularly – at least four times a year.

Cybersecurity giant Norton says that “If the companies offer activity alerts via text or email, it may make sense for you to sign up for them.” An additional option is requesting activity notifications for your accounts, either directly from your bank or from a monitoring service.

Stay wary of scammers

“Don’t respond to phone calls or emails from creditors,” advises Sandberg. “Call them using the phone number you find on the legitimate website.”

Also, make sure that any site you use online is a secure one. There are many sites online masquerading as real companies, but there’s an easy way to distinguish the real ones from the frauds. Real sites will have correctly spelled URLs, and begin with https://. The “s” stands for secure, meaning the site has encryption enabled to ensure the security of any user-inputted data.

Most importantly, just remember to stay cautious and aware when it comes to your finances. Online attacks occur with astounding regularity, and can cripple your finances. If you follow the outlined steps, you’ll probably be in the clear.