If a Capital One credit card is what's in your wallet, you'll want to take defensive action following a major hack that stole the personal information of around 106 million Capital One customers in the U.S. and Canada.
The CEO of the giant credit card issuer says he's "committed to making it right," so the company is offering protections to people whose identities were put at risk.
But the full extent of the damage isn't clear, and what the company is providing may not go far enough to safeguard your good name.
You need to be proactive. Here's more on what happened — and what you should do.
How Capital One got hacked
On its website, Capital One says its "cyber incident" involved someone outside the company who was able to break into files on some 100 million people in the U.S. and another 6 million or so in Canada.
You could be one of them if you applied for a Capital One credit card between 2005 and early this year.
The breach exposed all the stuff credit card applicants are usually asked for, including names, addresses, ZIP codes, phone numbers, emails, birthdates and income.
The hacker also gained access to the Social Security numbers of 140,000 U.S. customers and the social insurance numbers of roughly 1 million Canadians, Capital One says.
Credit card account numbers and login details were not swept up by the hack. However, the thief did get about 80,000 bank account numbers tied to secured credit cards that help consumers build credit.
Capital One executives say it's "unlikely" any of the stolen information was used for fraud — but they can't be sure. The investigation is continuing.
What Capital One is offering
The alleged hacker has been arrested in Seattle. According to media reports, she's a former employee of Amazon Web Services who bragged online about what she'd done, using the handle "erratic."
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One Chairman and CEO Richard Fairbank said, in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
The company says it will notify victims through "a variety of channels," and they'll be offered free credit monitoring and identity protection.
You'll want to sign up for all of that, though many privacy experts say credit monitoring doesn't stop identity theft but only watches your credit reports for indications it may have already happened.
There are a few important steps you can take on your own now to protect your ID and your money.
What you need to do
If you applied for a Capital One card in recent years, the hack ought to convince you that it's time to start checking your credit on a regular basis, if you're not already doing that.
Though the company didn't learn of the breach until mid-July, Capital One says its systems were hacked in March. That means for months, your personal information may have been out there — at the mercy of identity thieves.
You're entitled to free annual credit reports from the three major credit bureaus — Experian, TransUnion and Equifax — so be sure to ask for those, and make sure there's nothing suspicious in them.
Anyone with concerns about the Capital One breach also ought to request a credit freeze, which locks creditors out of your credit reports. That keeps fraudsters from opening new accounts in your name.
You need to contact the three credit bureaus to cover all the bases and freeze your credit completely. You used to have to pay fees to freeze and thaw your credit, but the process is free now.
Another important safety step is to change your passwords with regularity, to keep your accounts safe. Always choose new passwords that would be impossible to guess.
Researchers at Britain's National Cyber Security Centre recently said "123456" remains the world's most popular password, and that the word "password" still ranks high, too. (Sigh.)
Use password management software to help you choose more complicated passwords — and help your devices remember them.
Why does this all sound so familiar?
At some point in this story, you may have found yourself thinking: A corporate apology, free credit monitoring, credit freezes — where have I heard all of that before?
It's easy to feel deja vu, or get confused. The news from Capital One comes just days after federal authorities announced a huge settlement over the massive 2017 data breach at Equifax, the credit reporting agency.
That one opened a door on the data of 147 million U.S. consumers, making it bigger than the Capital One hack.
In a possible preview of what's to come for Capital One customers, Equifax is offering victims the choice of either $125 — or 10 years' worth of credit monitoring.
Plus, cash payments of up to $20,000 are available to compensate consumers who lost money or had expenses related to the breach. You can file a claim at EquifaxBreachSettlement.com.