Once again, consumers are confronted with another security breach potentially compromising their personal information.
On Monday, Capital One announced a massive breach involving more than 100 million customers, compromising information such as Social Security numbers, credit scores and credit card transaction data.
The incident led to the arrest of a 33-year-old woman in Seattle, said the Department of Justice on Monday night. Paige A. Thompson, a former software engineer, faces charges including computer fraud.
“I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right,” said Richard Fairbank, chairman and CEO of Capital One, in a statement.
In a statement Tuesday, New York Attorney General Letitia James said her office would begin “an immediate investigation” into the breach.
So what specific information was left vulnerable during the incident? And what can consumers do to protect themselves? Here’s what you need to know:
More: Massive data breach hits Capital One, affecting more than 100 million customers
More: Capital One data breach fallout: How to protect yourself
This story broke in the evening: Stay up to date day with our Evening Briefing newsletter. Sign up here
When did this happen?
According to Capital One, the incident was discovered July 19. An individual – believed to be Thompson – gained unauthorized access to a cloud-based server and obtained personal information on Capital One credit card customers and people who applied for the bank’s products.
The FBI said the data theft occurred between March 12 and July 17, court records show.
How many people were affected?
Approximately 100 million people in the United States and 6 million in Canada were affected, Capital One said.
What kind of data was compromised?
The bank said credit scores, credit limits, balances, payment history and contact information were compromised. Also, fragments of transaction data “from a total of 23 days during 2016, 2017 and 2018” were vulnerable.
Although Capital One said no credit card numbers or log-in credentials were compromised, about 140,000 Social Security numbers of credit card customers were left vulnerable, as well as 80,000 linked bank account numbers of secured credit card customers.
How can I find out if I was affected?
Capital One said it will notify customers affected by the breach “through a variety of channels.”
How do I protect myself?
Capital One said everyone affected by the breach will receive free credit monitoring and identity protection.
Meanwhile, customers can choose to freeze their credit, which you must do at all three credit bureaus: Equifax, Experian and TransUnion. The freeze prevents lenders from pulling your credit report, which would stop criminals from opening a new account. The process is free, and won’t impact your credit score. If you do need to open a new account or complete other activity involving your credit report, you’ll need to unfreeze it first.
Keep track of credit card statements in case any fraudulent charges pop up. Also, change your passwords on those accounts. If you’ve used similar passwords on other accounts, you should change those, too.
Freeze your credit: It’s free in all states after Equifax data security breach
Kelly Tyko and Jefferson Graham contributed to this report. Follow Brett Molina on Twitter: @brettmolina23.