The Capitol One hack: What you need to know

Unfortunately, we live in a world where data security simply isn’t as secure as it should be. And this week, we’ve learned of yet another major breach. A hack at Capital One has exposed the information of millions of consumers in the U.S. and Canada. The hack represents another in a long list of data leaks over only a few years. Luckily, there are things you can do to protect yourself.

What we know

  • A 33-year-old Seattle resident, named Paige Thompson, gained access to over 100 million Capital One accounts and credit card applications
    • Thompson worked for Amazon Web Services, the cloud hosting company that Capital One was using
  • 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information, have been compromised
    • Thompson was able to gain access by exploiting a misconfigured web application firewall
    • She was arrested on 07/29/19
  • Capital One said the hack occurred March 22 and 23, 2019 and includes credit card applications as far back as 2005
  • The company says it has repaired the exposure and that it is “unlikely the information was used for fraud or disseminated by this individual”

What you can do

  • If you hold or have ever held an account with Capitol One, watch for alerts
    • The company is reaching out to consumers they know have been impacted
    • Do not reply to any emails or phone-calls relating to this breach as they may be phishing scams
    • Contact Capitol One directly
  • Sign up for a credit monitoring service
  • Set up fraud alerts on all of your credit and debit cards and accounts
  • Check all of your financial statements regularly
  • View our Identity Theft Toolkit: http://bit.ly/2wO6Dy0
  • Capital One has set up a dedicated web page at https://www.capitalone.com/facts2019/ for information regarding the recent breach

How it happened

  • Thompson claimed to use a special command to extract files in a Capital One directory stored on Amazon’s servers
  • The FBI believes Thompson tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth
  • Someone who saw the information online notified Capital One of the leaked data
    • Capital One notified the FBI, who then searched Thompson’s residence on 07/29/19

The safety and security of our member accounts and personal information is the highest priority at Wauna Credit Union. Keeping member accounts safe and secure is also a shared responsibility. It’s important for members to review their periodic account statements when received and report any suspicious activity immediately to the Credit Union. Working together, we can increase the opportunities to protect the financial interests of our members and the Credit Union.

If you have additional questions or concerns about the security of your information, you are always welcome to contact us at your convenience.