Breaking: 100 Million Affected by Capital One Data Breach

AwardWallet receives compensation from advertising partners for links on the blog. Terms Apply to the offers listed on this page. The opinions expressed here are our own and have not been reviewed, provided, or approved by any bank advertiser. Here's our complete list of Advertisers.

Capital One has confirmed it suffered a data breach affecting 100 million individuals in the U.S. and nearly six million in Canada. While the company stated that no credit card numbers or login credentials were stolen, a large amount of personal information and around 140,000 social security numbers have been compromised. According to CNN, a woman in the Seattle area has been arrested by the FBI in connection with the hack.

 Known Details

Here is what we know about the hack so far:

  • Most of the data accessed was associated with credit card applications.
  • Hackers managed to obtain some personal information, including credit scores, credit limits, balances, payment history, and contact information.
  • Fragments of data shared with Capital One during 23 days in 2016, 2017, and 2018 has been compromised.
  • Around 140,000 social security numbers have been compromised.
  • Approximately 80,000 linked bank account numbers for secured credit card customers have been compromised.
  • In Canada, around 1,000,000 social insurance numbers were affected.

In the wake of the hack, Capital One stated that they would notify affected customers, and all will be offered free credit monitoring and identity protection services. However, if you are concerned there are steps you can take to protect yourself.

Protecting Yourself

In light of previous data breaches, we have an in-depth guide to protecting yourself after a hack. One of the first things to do is assume your data has been breached. You can also check on this (awkwardly named) website To see if your account was compromised.

Additionally, it is worth it to sign up for credit and social security monitoring services like freecreditscore.com, to see what happens with your credit. While these are only a few steps, there are plenty of others you can take to ensure you are protected, and to notify you if your data has been used!

Our Take

No doubt, it is disappointing when a trusted company lets its customers down and allows their data to be compromised. The only consolation is that Capital One acted relatively swiftly and announced the breach, while attempting to take remedial steps quickly, unlike some companies in the past that sat on the information for a long time. Hopefully this hack will be resolved with minimal losses.

Source: Capital One

AwardWallet Tip of The Day
Did you know that when you click the expiration date next to your account, AwardWallet will give you a detailed description of how that date was calculated? Expiration dates calculated by AwardWallet have a special icon to let you know that we did the math for you.
Show me how

The comments on this page are not provided, reviewed, or otherwise approved by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.

Leave a Reply

Your email address will not be published. Required fields are marked *

**You may receive 5 bonus AAdvantage miles for leaving a comment (Details/FAQ)

Comments

  • Is it safe to use haveibeenpwned.com (the “awkwardly named” website mentioned in the post)? Do we know for sure that they’re not just collecting info from people who are concerned about the possibility of their data having been hacked? I guess I’m slightly paranoid!

    • Hey thanks for reaching out about this. While we always look into sites before publishing a link, it’s always a good idea to do your own due diligence. In this case, we reviewed comments from several online forums, including Reddit and determined that the site’s author, Troy Hunt (Wikipedia) is a respected web security expert. We also made our judgment, in part, after noting that the HIBP site was featured on Ohio State University’s Cybersecurity page. As a Michigan Alumni, it’s hard to trust them completely, but I felt it was safe to assume OSU took appropriate steps to verify the site’s legitimacy.

  • While this is the risk of our age, companies can improve their protections with commercially available services and strict security rules. Some fail both of these goals, so in this situation it happens! Rarely is it just a matter of chance!

  • As we all get more connected the more possibility this will happen. Information is out there and people have been trying to get it for years. Just try and safeguard your information as much as possible. As refrigerators, ovens, microwaves, cars, etc. get connected to make things easier people will try to find a way to hack it. I know companies are trying and I cannot fault them unless they did nothing to protect the information. We can try to get the latest and greatest protection and hackers are out there already getting around it.

    It’s frustrating and we all just have to figure out how to make this all not as tempting.

  • The guide for protecting oneself after a hack was pretty informative.

  • Avianca is reliable and promos are really frequents as company business strategy. Information about these promos is one of the goals of this blog.

  • Thanks for the organized, easy to read outline of what happened and what to do. Most of the news articles I had seen elsewhere were not helpful.

  • This is just another reminder how easy it is for hackers to steal your info. Remember to look over your books on the regular!

  • With even large established companies suffering data breaches, everyone has to take more ownership and be vigilant around this. In fact larger companies and financial entities are even more likely to be targeted by hackers. But even smaller companies are targeted, because they may be easier to break into, and because people have a habit of using the same or similar login credentials across many sites, hackers take advantage of this.. Here are some suggestions for what you can do yourself:

    1. Never use exactly the same login and password across multiple sites, specially if they contain sensitive information or are financial entities. Its easier making this connection for example if you use the same details for ebay and paypal,, and your ebay accounts is hacked. Well there is a good chance that person also has a paypal account. And a determined hacker may try using the same details there.
    2. When notified of a breach, change your password as soon as possible. There are a millions of accounts breached, and by the time they get to your account, hopefully you’ve already changed your details.
    3. Unless it is big widely reported news, or you see it in a useful blog like AwardWallet, you need to know this has happened. Consider signing upto a free site like Credit Karma and they will alert you if your name and details have come up in reported breaches

    Hope this helps,l its not easy with everything being digital, but there are other things you can do to reduce your personal risk if you are targeted (as opposed to breaches at companies where they really should have better security monitoring).

  • Unfortunately, news like this no longer surprises me. I’ve been affected by at least half a dozen data breaches by now.

  • Companies can do better!

  • It is relatively easy to claim up to $375 in damages under the Equifax class-action settlement. Let’s hope that will also be true for the Capitol One class action.

  • nothing really new here, it has happened before and it will happen again. It has become part of standard operating procedure with credit card usage.

  • Stacy Y Liu says:

    Feeling like the data breach is becoming more and more often. Horrible that it happened to a very well known CC company.

  • I guess this will end in a class action.

  • This is becoming commonplace and very disconcerting.

  • Another free 2 years of credit monitoring coming, I assume.

  • Despite my having longstanding accounts with them, Capital One has never approved me for a credit card. So I guess I should be happy about this now. On the other hand, I have been involved with other breaches. Like a previous poster mentioned, you just have to watch your accounts closely and take immediate action if something happens.

  • Ouch. If it were to happen in the EU. The penalty for GDPR would be enormous.

  • This is the world we live in now. We need some strong governmental regulations!

  • i think with all the breaches, at this time i believe there is no such thing as “personal information” left. Its all just public

  • Very disappointing news from Capitol One. What a shame.

  • These security breaches seem to get more and more common. At some point, we need a completely different way of protecting data.

  • What a terrible data breach. One year of monitoring is laughable. Going to freeze my credit and pray.

  • The_Bouncer says:

    These breaches are happening more and more often. I really don’t think there is anything you can do about it.

  • Unfortunately we will need more time in the future checking if our data and / our identity have been hacked.
    I don’t see any magic solutions.

  • If this didn’t affect EU customers the company should be thankful. Marriott got a £99m fine for a customer data breach last month, under EU GDPR regulations.

  • At this point, sadly, I just assume my data is eventually going to be breached.

  • This is brutal. I’ve been trying to call Capital One to get some information, can’t even get through, they just cut the line.

  • Yet another data breach of many and many more unannounced, I’m sure. I wonder if this will negatively affect Amazon stock.

  • Wesley Lau says:

    anyone else notice an uptick in scam phone calls after every breach?

  • There is no more privacy for anyone after Equifax and now this.

  • These data hacks seem to be happening more frequently. I have not been contacted by Capital One yet!

  • Steven William Van Meter says:

    These hacks are worrisome. The worse part is that companies always wait to reveal they’ve been hacked.

  • ….and after the lawsuit is settled the lawyers will make millions and everyone who had their data stolen will get 80 cents a piece

  • I think there will be a compensation for that.

  • They really need to do more for the consumer when this happens.

  • Yet another data breach incident…there are so many these days that I don’t even feel shocked anymore.

  • I have a helpless feeling that no matter what one does to protect oneself from identity theft, it will happen anyway because it’s just a matter of time before we find out yet another Capital One or Experian has wrecklessly treated our personal data.

  • Hopefully having no cc apps with Capital One during the affected period they identify (2005-2019) will mean that the wife are safe, but we’ll have to see if a notification letter eventually arrives.

  • That woman is a disgrace!

  • horrible data breach. The sad part is that once the data is lost you can never really fix the issue.

  • There will be more hacks to come in the future. Unfortunately.

  • No one is totally safe today. Even monitoring sites can get hacked. All you can try to do is watch your own accounts carefully and act swiftly if a breach occurs. Then, document everything and take appropriate action with authorities at all levels.

  • I think they need to rename her the hoarder hacker, have you seen the pictures of her house. I wonder how “contained” the breach actually is? It’s like the woman wanted to get caught.

  • I’ve had my data breeched and these company gave 6 months of a program to monitor fraud, after that it fell on me. Really more has to be done and I hope that they provide more to those affected.

    • Folks have a tendency to bemoan lawyers in this country, all the while turning to them repeatedly, justifying their numbers. And, here is where a class action suit is needed for lots of reasons.