The Washington PostDemocracy Dies in Darkness

Here’s how to make sure you’re safe after the Capital One hack

The personal information of about 100 million U.S. customers was compromised. What steps should you take to protect yourself

Capital One revealed July 29 that personal information of about 100 million bank customers in the U.S. were stolen by a hacker. (Video: Reuters)

More than 100 million credit card applicants had their personal information compromised in the Capital One hack announced Monday, illustrating once again just how vulnerable consumer data can be even for the most security-minded organizations.

The hack, one of the largest ever against a financial services firm, comes just days after the credit-reporting company Equifax reached a $700 million settlement with U.S. regulators over the high-profile 2017 cyberattack that exposed the data of 147 million people.

[Equifax to pay up to $700 million to settle state and federal investigations into 2017 security breach]

FBI agents arrested a Seattle software engineer, Paige A. Thompson, on accusations of computer fraud. The bank says the hack exposed 140,000 Social Security numbers and 80,000 bank account numbers, as well as credit scores, balances, and personal information such as addresses, birthdays and contact information. Roughly 6 million Canadian customers also were affected, Capital One said.

[Capital One breach: U.S. v Paige Thompson (aka ‘erratic’)]

Capital One says data breach affected 100 million credit card applications

Worried your data might have been exposed in the hack? Here’s how to make sure your accounts are secure and to safeguard yourself against future attacks.

Check your accounts for suspicious activity

Capital One will notify customers affected by the breach and is offering free credit monitoring and identity protection.

In the meantime, check your recent credit card statements and bank account transactions for suspicious activity. You should also check your credit report to see if any false accounts or credit cards have been opened in your name. Report any concerning activity to your bank immediately.

Freeze your credit

Freezing your credit is a crucial step in identity protection, as it ensures no one, including banks, can access your credit reports without your permission. You can freeze your credit for free, either online or by phone, according to Ted Rossman, a analyst.

“The number one thing consumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian and TransUnion,” Rossman said. “This is the best way to prevent a criminal from opening an unauthorized account in your name. Unfortunately, only about 1 in 4 U.S. adults have frozen their credit.”

If freezing your credit isn’t an option, you can contact a credit bureau to set up fraud alerts, said Daniel Markuson, a digital privacy expert at NordVPN.

Michelle Singletary: What you should do if a Capital One credit card is in your wallet

“Fraud alerts flag creditors and they verify your identity before issuing new credit in your name,” Markuson said in a statement to The Post. “Such alerts usually last for a year but can be renewed.”

Change your passwords often

Rossman said a poll by found that more than 80 percent of adults in the United States reuse their passwords. Setting up two-factor authentication, a second level of logging into your personal accounts, also is a good idea, whether that’s through an text message sent to your phone or an external app such as Google Authenticator.

Stay alert for possible scams

Because the hack involved a great deal of personal information, it’s possible it could lead to a rise in phishing scams, Markuson said

“Personalized phishing messages are designed to look as if they are coming from a legitimate bank or other familiar organization,” Markuson said. “Such scams are usually very effective as criminals use a piece of real information, for example, your name and address.”

To protect yourself from scammers, don’t click links from parties you don’t trust and don’t give out personal information over the phone, even if the person contacting you claims to represent a trusted organization.