Data Breach

Yet Another Data Breach: This Time it’s Capital One

The third-largest credit card company in the world suffered a massive data breach.

Capital One was hacked on July 19th,  in the most significant breach of the year. The incident occurred days after Equifax came to a settlement agreement for its 2017 breach. 

Data breaches have been becoming increasingly more common and devastating to customers.   Companies seem unable to protect user data.  What should you do if you’ve been compromised in a breach?  And what does the future of data security look like? 

The Capital One Data Breach

The personal data of almost 106 million customers was captured in a sophisticated hack by a  Seattle engineer. The hacker was able to gain access to information from as far back as 2005 until the present day.  That data included a wealth of personal info: names, addresses, birthday, credit scores, Social Security numbers, and bank account numbers.  Login and credit card numbers were not included in the breach.

Capital One says its contacting affected members, but its method seems to be limited to sending Tweets, not contacting its users on an individual basis.  This isn’t surprising; it’s public relations 101 for companies to downplay a breach.  And, unlike Equifax, Capital One has yet to release a tool for its customers to self check their account status.

What is a Data Breach

A data breach occurs with an unauthorized person or identity access to secure information. Breaches can range in size, from one individual to a grander scale with millions affected. 

The most common type of data stolen is personal identifiable information.  This type of data includes names, credit card numbers, and Social Security numbers. 

Data breaches are on the rise.  2018 saw over half-billion records compromised, and there have been 16 large scale data breaches  in 2019. 

Why Do Breaches Keep Occurring

In an interview with the Tech Republic, Matthew Honea, director of cybersecurity for Guidewire Cyence Risk Analytics, points back to lack of education around risk mitigation.

According to IBM, 27% of data breaches are caused by human error, meaning more than a quarter of breaches could have been easily prevented with better education. This is seen across all levels of experience, as many companies still lack the proper protocol and protections to help mitigate risks for them and their customers.   

Honea goes on to say that companies try to avoid, minimize, or coverup data breaches.  This means that many times, customers are unable to secure their accounts and change passwords promptly. By the time a company releases information about the breach, the damage has already occurred.

Even with increased education and a focus on encryption, Hackers are continually improving their methods.

Technological advances create new risks. Adoption of IoT devices allows even refrigerators to be hacked to gain access to a company’s data records. As 5G pushes forward, attacks will become more frequent as we become more connected. Additionally, as cloud providers increasingly grow in scale, and more companies share cloud servers to save money, the risks of the cloud being hacked could put many companies at risk on an unprecedented scale.

Norton Internet Security agrees that data breaches won’t be going away anytime soon. But does offer some hope: “companies are tightening security measures and reassessing their procedures to better protect the consumer data they use and store.”

You’ve Been Hacked, Now What?

If your data has been leaked in a major breach, there are several things you can do to minimize the damage.

  1. Find out precisely what data was stolen. Was it contact information like a phone number or was it social security numbers and passwords.
  1. Monitor your financial and email accounts for suspicious activity. Keep an eye out for anything out of the ordinary. Often fraudulent charges start as small to ensure the data is valid.
  1. File next year’s taxes as soon as you’re able. This helps ensure that no one is filing a false refund under your name.
  1. Monitor your Credit Report.  The three main credit bureaus offer a free yearly credit report.  You can also sign up for free credit monitoring services such as Credit Karma to receive monthly updates.
  2. Change your passwords.   If you use the same password for accounts, you’re at risk, and the passwords need to be updated immediately.   Even if you use different passwords for every account, you still need to change the password for the account that was hacked.