• Discounts and special offers
  • Subscriber-only articles and interviews
  • Breaking news and trending topics

Already a subscriber?

By signing up, you accept Moneywise's Terms of Use, Subscription Agreement, and Privacy Policy.

Not interested ?

But the full extent of the damage isn't clear, and what the company is providing may not go far enough to safeguard your good name.

You need to be proactive. Here's more on what happened — and what you should do.

How Capital One got hacked

Apply for Credit Card Loan Payment Banking Concept

On its website, Capital One says its "cyber incident" involved someone outside the company who was able to break into files on some 100 million people in the U.S. and another 6 million or so in Canada.

You could be one of them if you applied for a Capital One credit card between 2005 and early this year.

The breach exposed all the stuff credit card applicants are usually asked for, including names, addresses, ZIP codes, phone numbers, emails, birthdates and income.

The hacker also gained access to the Social Security numbers of 140,000 U.S. customers and the social insurance numbers of roughly 1 million Canadians, Capital One says.

Credit card account numbers and login details were not swept up by the hack. However, the thief did get about 80,000 bank account numbers tied to secured credit cards that help consumers build credit.

Capital One executives say it's "unlikely" any of the stolen information was used for fraud — but they can't be sure. The investigation is continuing.

Don't miss

What Capital One is offering

credit card data encryption security
wk1003mike / Shutterstock
Capital One is providing free identity theft protection.

The alleged hacker has been arrested in Seattle. According to media reports, she's a former employee of Amazon Web Services who bragged online about what she'd done, using the handle "erratic."

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One Chairman and CEO Richard Fairbank said, in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

The company says it will notify victims through "a variety of channels," and they'll be offered free credit monitoring and identity protection.

You'll want to sign up for all of that, though many privacy experts say credit monitoring doesn't stop identity theft but only watches your credit reports for indications it may have already happened.

There are a few important steps you can take on your own now to protect your ID and your money.

What you need to do

Credit report with score on a desk
danielfela / Shutterstock
Keep close tabs on your credit reports and scores.

If you applied for a Capital One card in recent years, the hack ought to convince you that it's time to start checking your credit on a regular basis, if you're not already doing that.

Though the company didn't learn of the breach until mid-July, Capital One says its systems were hacked in March. That means for months, your personal information may have been out there — at the mercy of identity thieves.

You're entitled to free annual credit reports from the three major credit bureaus — Experian, TransUnion and Equifax — so be sure to ask for those, and make sure there's nothing suspicious in them.

Experian Boost™ or Credit Sesame will give you access to a free credit score, so you can watch it for any signs of trouble.

Anyone with concerns about the Capital One breach also ought to request a credit freeze, which locks creditors out of your credit reports. That keeps fraudsters from opening new accounts in your name.

You need to contact the three credit bureaus to cover all the bases and freeze your credit completely. You used to have to pay fees to freeze and thaw your credit, but the process is free now.

Another important safety step is to change your passwords with regularity, to keep your accounts safe. Always choose new passwords that would be impossible to guess.

Researchers at Britain's National Cyber Security Centre recently said "123456" remains the world's most popular password, and that the word "password" still ranks high, too. (Sigh.)

Use password management software to help you choose more complicated passwords — and help your devices remember them.

Find a financial adviser in minutes

Are you confident in your retirement savings? Get advice on your investment portfolio from a certified professional through WiserAdvisor. It only takes 5 minutes to connect with an adviser who puts you first.

Get Started

Why does this all sound so familiar?

KONSKIE, POLAND - MAY 08, 2018: Equifax Canada website displayed on smartphone
Piotr Swat / Shutterstock
The Capital One news comes shortly after the announcement of a settlement over the Equifax breach.

At some point in this story, you may have found yourself thinking: A corporate apology, free credit monitoring, credit freezes — where have I heard all of that before?

It's easy to feel deja vu, or get confused. The news from Capital One comes just days after federal authorities announced a huge settlement over the massive 2017 data breach at Equifax, the credit reporting agency.

That one opened a door on the data of 147 million U.S. consumers, making it bigger than the Capital One hack.

In a possible preview of what's to come for Capital One customers, Equifax is offering victims the choice of either $125 — or 10 years' worth of credit monitoring.

Plus, cash payments of up to $20,000 are available to compensate consumers who lost money or had expenses related to the breach. You can file a claim at EquifaxBreachSettlement.com.

What to read next

Doug Whiteman Former Editor-in-Chief

Doug Whiteman was formerly the editor-in-chief of MoneyWise. He has been quoted by The Wall Street Journal, USA Today and CNBC.com and has been interviewed on Fox Business, CBS Radio and the syndicated TV show "First Business."


The content provided on Moneywise is information to help users become financially literate. It is neither tax nor legal advice, is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. Tax, investment and all other decisions should be made, as appropriate, only with guidance from a qualified professional. We make no representation or warranty of any kind, either express or implied, with respect to the data provided, the timeliness thereof, the results to be obtained by the use thereof or any other matter.