Capital One has announced it was victim of a cyber attack, leaking information on roughly 6 million Canadians and 100 million people in the United States.
“There was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers,” explains Capital One on its FAQ (frequently asked questions) page on the incident.
The banks says it “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” with the FBI arresting one person responsible for the data breach.
Capital One says “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.”
But the information leaked mainly affected consumers and small businesses, in particular those who applied for a credit card from 2005 to 2019. The following information was leaked:
- zip codes/postal codes
- phone numbers
- email addresses
- dates of birth
- self-reported income
Other information leaked included “portions of credit card customer data, including:”
- Customer status data such as: credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
Capital One says “For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.”
Ouch. Capital One offers a Mastercard with Costco in Canada, so if you have one of their cards, you most likely are affected by this breach.