Huntsville cybersecurity experts talk Capital One data breach
HUNTSVILLE, Ala. (WAFF) -The data breach at credit card giant Capital One is one of the largest hacks ever recorded, exposing the personal information of 100 million people in the U.S. and another six million in Canada.
Customers' names, addresses, phone numbers, birth dates, and some parts of their credit history are at risk. It also includes credit card applications as far back as 2005.
The alleged hacker is in federal custody.
Capital One insists that no credit card account numbers or log-in information was exposed.
H2L Solutions, a Huntsville cybersecurity company, talked about the data theft and what you can do to protect your information and your money.
Brandon McCaghren, Senior Cybersecurity Engineer, says credit card applications contain personally identifiable information that someone would need to open a credit card account in your name or start other accounts.
"They can also use a lot of that data to get around the security controls a lot of people have on their accounts in order to access the accounts that way," he explained.
Capital One says they will notify the millions of people impacted and make free credit monitoring and identity protection available.
H2L's experts say take advantage of it.
"Use it to make sure no new accounts are being opened in their name. They should monitor their credit score because that would be an active thing that would change if people are trying to open new accounts. Really it's just keeping an increased vigilance over the next few months to make sure their information and their bank accounts are safe." McCaghren stated.
"Make sure all your passwords are secure. Make sure their lengthy and have good character variance. Changing them often is very important. Essential security controls," added Peyton Guy, Junior Cybersecurity Engineer.
Capital One alerted authorities after receiving a random email tip from an internet user who says they saw the alleged hacker talking about the stolen information online.
According to a criminal complaint, Paige Thompson, a 33-year-old former software engineer from Seattle, obtained the data by accessing a server rented by Capital One and then posted it to an information sharing site.
She's been charged with computer fraud and abuse.
The information compromised includes consumers and small businesses who applied for a Capital One credit card product between 2005 and 2019.
According to Capital One, 140,000 social security numbers were put at risk, along with 80,000 bank account numbers.
Capital One’s CEO apologized for what happened in a statement, saying he’s “committed to making it right.”
This latest breach comes just one week after credit-reporting company Equifax settled with the government for a record $650 million after a 2017 data breach exposed the personal information of nearly 150 million people.
"This is going to happen again and again, and more and more as time goes by and to make sure you're safe, you have to keep vigilance over your own accounts and your own bank stuff. Nobody cares about your accounts and your money like you do. While there are several tools and companies out there who do credit monitoring, making sure you're involved in that process is the best way to protect yourself," McCaghren said.
Better Business Bureau has some suggestions for consumers concerned that their credit or debit cards may have been compromised by a data breach:
-Stay calm. Consumers are not liable for fraudulent charges on stolen account numbers.
-Check with the website of the company that was breached for the latest information. Type the company name directly into your browser. Do NOT click on a link from an email or social media message.
-If a credit card has been compromised, you will likely hear from the bank or card-issuer first. If you have questions, call the customer service number on your card.
-Consider putting a credit freeze or fraud alert on your credit reports with the three major credit reporting agencies (go.bbb.org/creditfreeze). A credit freeze will prevent anyone from accessing your credit report or scores. This means you cannot apply for new credit without lifting the freeze. A fraud alert flags your account but does not automatically halt new credit being opened in your name.
-AnnualCreditReport.com is the only website authorized by the Federal Trade Commission to provide you with a free annual credit report. Be wary of ads, emails, and social media messages for other services. Everyone should check their credit reports annually, whether or not they have been the victim of a data breach.
-If your credit card(s) has been breached:
Monitor your credit card statements carefully (go online; don't wait for the paper statement).
If you see a fraudulent charge, report it to your bank or credit card issuer immediately so the charge can be reversed and a new card issued.
Keep receipts in case you need to prove which charges you authorized and which ones you did not.
-If your debit card has been breached:
Do all of the above as for credit cards, but pay very careful attention to your account. Debit cards do not have the same protections as credit cards and debit transactions withdraw funds directly from your bank account.
Contact your bank for more information, or if you want to pre-emptively request a new debit card or put a security block on your account.
-Beware of scammers who may purport to be from the retailer, your bank, or your credit card issuer, telling you that your card was compromised and suggesting actions to “fix” the problem. Phishing emails may attempt to fool you into providing your credit card information, or ask you to click on a link or open an attachment, which can download malware onto your computer.
Copyright 2019 WAFF. All rights reserved.