Capital One Financial Corporation confirmed that personal information was breached by a hacker accessing their customer records in July. Roughly 140,000 Social Security numbers and 80,000 linked bank account numbers belonging to Capital One credit card customers were compromised.
The Capital One incident is just the latest among a growing list of security breaches. In the first half of 2019 alone, over 39 million records were exposed in more than 700 breaches.1 This compares to over 1,200 breaches for the entire year of 2018.
Equifax, one of the three major consumer credit bureaus, reached a settlement for up to $700 million related to its major security breach in 2017. The Equifax breach exposed the personal information of 148 million people who could now be entitled to compensation through this settlement. Equifax offers a free service that allows anyone to check if their data was affected by the breach. The settlement website is located at: https://eligibility.equifaxbreachsettlement.com/en/eligibility
Eligibility to file a claim can be checked by providing minimal personal information. Those who are eligible can complete a claim online. Compensation is in the form of credit monitoring or cash payments. A cash payment of up to $125 can be applied for by anyone who already has credit monitoring.
The amount of cash compensation is based on:
- $25 per hour for up to 20 hours of time spent working to resolve issues as a result of the breach
- Reimbursement for expenses due to losses from unauthorized credit card charges, money spent on credit monitoring, freezing and unfreezing credit reports
- Up to 25% of what a customer paid for Equifax credit or identity monitoring products the year before the breach
Eligibility for compensation of up to $125 requires the recipient to already have credit monitoring that will continue for at least six more months.
While the Equifax settlement offers some relief for affected customers, the best situation is preventing your personal data from being exposed in the first place. The need to protect your identity online has become increasingly important. Be careful with information you share on social media. The Identity Theft Resource Center offers these additional tips to protect your identity online:
- Use the least amount of information necessary to register for and use a site. Be sure your screen name doesn’t provide clues to your “identity.”
- Create a strong password and change it often. A strong password should be more than eight characters in length and contain both capital and small letters and at least one numeric or other non-alphabetical character.
- Do not share your password with others.
- Never post personal information such as your address, phone numbers, e‑mail address, driver’s license number, Social Security Number (SSN), birth date, birthplace, school’s name, or student ID number.
- Do not disclose your location for any given day or the exact location for an event you are going to attend.
- Be careful when posting photos. Make sure they do not provide clues, including where you live, work or go to school.
- Only connect to people you already know and trust
The Federal Trade Commission offers these suggestions2 to anyone who receives a notice from a company that their information may have been compromised:
- Accept free credit monitoring if it is offered.
- Get a copy of your free credit reports from https://www.annualcreditreport.com/. Check for any accounts or charges you don’t recognize.
- Consider placing a credit freeze on your credit report. A credit freeze makes it harder for someone to open a new account in your name.
- Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt—even if they have part or all of your Social Security number, or they say they’re from the IRS.
Here are some final thoughts on keeping your identity secure on the internet:
- Keep passwords secure. Don’t use the same password on multiple websites. If a site is exposed or compromised, that could leave your other accounts vulnerable. Use a password manager to help keep track of all your passwords.
- Add multifactor authentication. Use two-factor authentication for any site or account that offers it. Two-factor authentication requires the user to first log in with a password, then confirm their identity by entering a code often sent via email or text.
- Monitor credit reports regularly and consider a credit freeze when appropriate.
- There have been more than 700 breaches in the first six months of 2019.
- Equifax reached a $700 million settlement for customers affected by their 2017 breach.
- The best defense is to put smart security practices into place before signing onto the internet.