Advertisement
Consumer

Capital One data breach: here’s what Canadians need to know

WATCH: Capital One data breach impacts 6 million people in Canada

A Capital One Financial data breach left the personal information of six million Canadians compromised, the company revealed Monday.

The company provides Mastercard credit cards for Costco Wholesale’s Canadian retail network and the Hudson’s Bay Company.

The FBI has arrested the alleged hacker, who also reportedly accessed the information of 100 million United States residents, the company said in a press release.

READ MORE: Capital One data breach hits about 6 million people in Canada, 100 million in U.S.

It also apologized over the incident.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Capital One chairman and CEO Richard Fairbank said.

WATCH: How to keep your personal data safe from hackers

How to keep your personal data safe from hackers
How to keep your personal data safe from hackers

Here’s what you need to know about the hack, and how to find out if your account was affected. 

Details on compromised information

The information included names, addresses, phone numbers, postal codes, email addresses, birthdates and self-reported income.

Story continues below advertisement

Capital One said approximately one million social insurance numbers (SIN) were compromised.

The information exposed in the hack was largely linked to consumers and small businesses that applied for Capital One credit card products between 2005 and early 2019, the company said in a news release.

Also exposed were customer status data, such as credit limits, scores, balances and payment histories.

However, Capital One also said no one’s credit card account numbers or login information was compromised.

“Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” it added in the release.

WATCH: Equifax to pay up to $700M to U.S. as result of 2017 data breach

Equifax to pay up to $700M to U.S. as result of 2017 data breach
Equifax to pay up to $700M to U.S. as result of 2017 data breach

Capital One to contact those affected

Capital One said it will notify affected customers through a variety of ways, but didn’t specify how.

However, it did note that it won’t call individuals about it, so be wary of any calls about the breach. The company also said that customers should be extra mindful of phishing emails due to this incident.

Story continues below advertisement

If customers do think they are experiencing phishing emails, they can contact Capital One directly at abuse@capitalone.com

Possible steps to take

Canadians who suspect they may be affected should check their financial accounts for any unusual activity. They can call the number on the back of their credit card for questions about such transactions.

Ann Cavoukian, who works with the Privacy by Design Centre of Excellence at Ryerson University, explained that customers should keep close tabs on activity for several months.

“If you have a Capital One credit card, make sure you scour all of the charges that come in over the next six months to a year, because if you don’t you could become a victim of identity theft,” she said.

Tweet This

Cavoukian also recommended taking up Capital One’s offer for free credit monitoring and identity protection for people who have been affected.

LISTEN: Alex Hamerstone of TrustedSec joins Ryan Jespersen to explain what can be done to protect personal information

Those affected can ask for new credit card numbers as a precaution. However, the government does not issue new social insurance numbers if they’re lost or stolen. It may issue a new SIN if there is proof that it was used fraudulently.

Story continues below advertisement

The company will also be posting updates for Canadian customers here. 

WATCH: Air Canada customers hacked in cyber attack

Air Canada customers hacked in cyber attack
Air Canada customers hacked in cyber attack

Alleged hacker charged

Paige A. Thompson, who uses the online handle “erratic.” was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle.

Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.

READ MORE: Foreign hackers targeting Canadian banks and government, cyber-security expert tells MPs

On June 18, Thompson sent a message on Twitter to another user saying, “I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it.”

The FBI raided Thompson’s residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and “other entities that may have been targets of attempted or actual network intrusions.”

— With files from Global News reporter Jesse Ferreras, The Associated Press and The Canadian Press