6 Ways to Protect Yourself From a Data Breach
Here are some things you can do to safeguard your accounts.
Here are some things you can do to safeguard your accounts.
The recent data breach at Capital One didn’t follow the plotline of a usual cybercrime. But that doesn’t mean you shouldn’t take steps to protect yourself.
In an informational statement, Capital One (COF) explained what happened, what’s being done about it, and what customers can do if they are affected.
The data breach wasn’t small--it affected 100 million customers. Very sensitive personal financial information was stolen from these customers, including Social Security numbers, linked bank account information, credit scores, credit limits, balances, payment history, and transaction history. Capital One said that no credit card account numbers or log-in credentials were compromised.
There’s one element that makes this breach different from others of its ilk: Capital One said in its statement that there isn’t any evidence that the alleged hacker sought to profit from the information she (allegedly) stole nearly four months ago or that she shared it. Following most data breaches, hackers immediately sell the stolen data in black market transactions--the fresher the data, the higher the price it commands.
But you should not take this to mean that the data breach is not a threat. You should absolutely take steps to monitor and protect your accounts.
Here's why: The alleged hacker openly shared details about the crime on social-media platforms. Therefore, it is certainly possible that "at least some of that data could have been obtained by others who may have followed her activities on different social media platforms," said security expert Brian Krebs.
Further, Morningstar stock analyst Colin Plunkett said that "based on the suspect’s Twitter activity and Slack posts [as detailed by Krebs], it appears Capital One isn’t the only company affected by this--it’s just the first company to publicly acknowledge it has been hacked and the most proactive in addressing the security situation."
Plunkett adds that, while he thinks Capital One has gotten ahead of the issue and has been aggressive in its response, he agrees that consumers should be proactive when it comes to safeguarding their data.
What Can You Do?
1. Check your account for suspicious activity. In this FAQ, Capital One says customers should report suspicious activity on their card by calling the number on the back of their card.
2. If you see fraudulent charges on your account, you can put a free fraud alert on your account for a year. Unlike a credit freeze, a fraud alert doesn’t prevent lenders from accessing your credit report, but it requires lenders to verify the identity of anyone opening an account in your name.
To set up a fraud alert on your credit report, contact one of the nationwide credit reporting companies--Equifax, Experian, or TransUnion. The company you contacted will notify the other two, and fraud alerts will be added to your credit reports with those agencies as well.
3. Check your credit report. If you were affected by the data breach at Capital One--or even if you weren’t--take this opportunity to check your credit report to make sure the information is complete, accurate, and up to date.
The Fair Credit Reporting Act requires each of the three nationwide credit reporting companies to provide you with a free copy of your credit report, at your request, once every 12 months. Requesting a copy of your credit report is free and safe if you do it through www.annualcreditreport.com; it is the only website authorized to issue free credit reports as part of the FRCA.
4. Be suspicious of any calls and emails you receive. After data breaches, phishing activity often picks up as criminals hope to take advantage of consumers’ fear and confusion. Both Capital One and the Federal Trade Commission have explicitly stated that they will not email, text, or call consumers asking for credit card or account information or Social Security numbers.
5. Consider signing up for the free credit monitoring and identity protection services that Capital One said it will offer.
The firm hasn’t released details other than to say that it will offer credit monitoring and identity theft protection, but it could be worth your while to sign up. For example, the credit monitoring that Equifax (EFX) is offering consumers who were affected by its recent breach is worth “hundreds of dollars a year,” the FTC says, "because it monitors your credit report at all three nationwide credit reporting agencies, and it comes with up to $1 million in identity theft insurance and individualized identity restoration services.”
6. Freeze your credit. A law enacted in September allows you to freeze and unfreeze your credit for free. To do it, you have to contact all three of the nationwide credit reporting agencies. A credit freeze doesn’t hurt your credit score; it just prevents lenders from checking your credit in order to open new accounts. If you want to open a new account, you have to unfreeze your credit to do so.
Data breaches that result in fraudulent credit card charges are a big enough problem in their own right. But what if cyber thieves gain access to enough key financial information that they could steal from your savings and retirement accounts? In “9 Ways to Secure Your Financial Accounts From Cyber Thievery,” we interviewed two cybersecurity experts to find out what you can do to safeguard yourself from attacks on your banking, brokerage, and mutual fund accounts.
In “Cybercrime and Your Investments: What You Need to Know," we interviewed experts from financial regulatory organizations at Finra and Sifma to find out how safe your financial assets are and what the financial industry is doing to combat the problem of cybercrime.
Karen Wallace does not own (actual or beneficial) shares in any of the securities mentioned above. Find out about Morningstar’s editorial policies.