Last week, Capital One announced a major security disruption. A cybercriminal hacked into more than 100 million Capital One customer accounts here in the United States. Approximately 6 million customers were impacted in Canada. The company is reporting the vulnerability has been fixed and that it is unlikely the information was used for fraud or disseminated by the hacker.
What We Know About the Capital One Breach
- No credit card account numbers or log-in credentials were compromised.
- 99 percent of customer Social Security Numbers were not compromised. Of their credit card customers, about 140,000 Social Security Numbers and 80,000 linked bank account numbers were compromised.
- The largest category of information accessed included consumers and small businesses that applied for one of Capital One’s credit card products from 2005 through early 2019. Information included personal information routinely collected during a credit card application, such as names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
Protecting Your Credit Union & Its Members
While it is alarming to learn about breaches of this magnitude, these instances remind all of us of the shared role we play in safeguarding personal information. Fraudsters are becoming increasingly sophisticated in their attempts to collect data, so it is important for you and your members to keep these tips in mind to avoid a compromise.
- A text alert from a financial institution or credit card company warning of suspicious activity on your card will never include a link to be clicked. A valid notification will provide information about the suspect transaction and ask the cardholder to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop’. It will never include a link.
- A text alert will always be from a 5-digit number and not a 10-digit number resembling a phone number.
- A phone call from a financial institution or a credit card company’s automated dialer will only include a request for your zip code, and no other personal information, unless you confirm that a transaction is fraudulent. If at any point you are uncertain about questions being asked or the call itself, hang up and call your institution or card company directly.
- Financial institutions and credit card companies will never ask you for your PIN or the 3-digit security code on the back of your card. Don’t provide that information to anyone, no matter what they say.
- Regularly check your account online to see if there are any suspicious transactions that have occurred, especially if you are unsure about a call or text message you’ve received.
- If you receive a voice or a text message from your financial institution or credit card company and are unsure about responding to it, call them directly for assistance.
Action to Take in the Event of Fraud
If you or someone you know is a victim of fraud, there are a number of resources for reporting suspected fraud to law enforcement. Visit the Justice Department’s website for a list of federal agencies you can contact.
The League will continue to inform credit unions of the latest fraud and security threats. Protecting your security and your members’ personal information is our highest priority.