My info was in the Capital One breach. What should I do?

The majority of those impacted by the Capital One breach are left with one big question: What do I do? We have some ideas.
capital one data breach

While the security world focuses on the aftermath of the Capital One data breach, the majority of those impacted by the incident are left with one big question: What do I do?

The amount of information taken from the bank’s system is extensive: names, addresses, zip and postal codes, phone numbers, email addresses, dates of birth and self-reported income on 100 million U.S. residents. Social Security numbers and bank account numbers were also pulled from Capital One’s cloud computing infrastructure. If you’ve gotten notice that your information was part of the breach, there are steps that you can take to protect yourself.

How do I freeze my credit?

Freezing your credit is one of the safest things you can do if you believe you are susceptible to identity theft due to a data breach. By instituting a freeze, any business trying to run a credit check, which is often necessary to open a new account, will have to verify with you that a credit check is legitimately being run. It doesn’t fully guarantee that a potential identity thief will be thwarted, but it slows down the process enough that you will be notified if there is anything nefarious happening.


If you want to freeze your credit, you need place a call to the three major credit bureaus: Equifax (1-800-349-9960), Experian (1-888-397-3742), and TransUnion (1-888-909-8872). The U.S. Federal Trade Commission also has more information on the process.

If freezing your credit is too strong for your liking, you also can enroll in a credit monitoring service. When breaches occur, the companies affected typically offer free credit monitoring.

I don’t have a Capital One card. Was I affected?

Maybe. The stolen information dates back to 2005, and was collected from credit card applications. That means you didn’t have to ever have been an active Capital One customer to be affected. Also, Capital One has either inherited credit card accounts or merged with other banks since then, so it’s worth checking on an account you may have closed just to make sure you weren’t impacted.

Is anyone going to contact me? Should I watch out for scams?


Capital One said it is going to reach out to affected customers. Otherwise, you should be increasingly vigilant for scammers or thieves who are preying on misinformation surrounding the incident. Capital One’s CEO said “it’s highly unlikely” that this information was sold to hackers or criminals, so any emails or messages you receive that say your Capital One information has been found are most likely fraudulent.

What else should I do?

Pay attention to the news surrounding the incident, as information related to data breaches often changes as technical experts go through an investigation. Also, if you want to get involved from a legal perspective, a class-action lawsuit was filed in Washington D.C. shortly after the breach was made public. These types of lawsuits often take years to play out, however one related to the Equifax breach is beginning to result in checks for people who were impacted by that 2017 incident.

Latest Podcasts