A major hack at Capital One (COF) has exposed the information of roughly 106 million consumers in the U.S. and Canada. Data from the breach includes everything from 140,000 Social Security numbers, addresses, birthdays, and more.
It's another in a long list of data leaks that have hit consumers over the past few years, and it won't be the last. Fortunately, there are a few relatively simple things you can do to protect yourself in the event you were impacted by this latest breach.
What was stolen?
There's good news and bad news about this hack, as professor of computer science and engineering at the NYU Tandon School of Engineering Justin Cappos explains it. The good news is that credit card numbers themselves weren't stolen.
The bad news is that Social Security numbers and bank account numbers were stolen, which means that while the data can't be used to purchase items right away, it can be used to open up new lines of credit using victims' information.
Whose fault was this?
According to reports, the hack was a result of a misconfigured setting in an Amazon Web Services application that allowed the hacker to gain access to Capital One user data. To be clear, this wasn't a flaw in Amazon’s (AMZN) AWS, but was an issue with how Capital One left its security settings.
What can you do?
Watch for alerts from Capital One
Capital One is reaching out to consumers they know have been impacted by the breach. The company, however, says that consumers shouldn't reply to emails directly, as there is likely to be an increased number of phishing attempts related to the leak. Instead, you can contact Capital One through its dedicated email or else call the bank.
Sign up for a credit monitoring service
Credit monitoring is being provided to customers affected by the breach, which will help prevent anyone from opening an account in your name. That's especially important in this particular hack.
If you're not impacted by the Capital One breach, you should still sign up for a credit monitoring service. There will inevitably be another leak or hack of this nature in the future, and you're better off protecting yourself before it happens.
Set up alerts on your credit cards
While no credit card information was stolen in this hack, if you've got an existing credit card, it's always better to have push notifications set up to alert you whenever a purchase is made. Alerts ensure that you know when your card was used in any transaction, which can help you cut off fraudsters before they can do any serious damage to your accounts.
Many credit card companies offer a variety of alerts including via email, text, or push alerts from their apps. Setting up all three might seem like overload, but it will virtually guarantee you know when your card is being used.
Check your credit card statements
Checking your credit card statements should be something you do more than once a month. As Indiana University vice president for research and professor at the IU Maurer School of Law Fred Cate explained, if you detect a fraud within 30 days, you're not responsible for paying the bill.
And while extravagant purchases are easy to spot, small charges can also lead to big headaches. That's because identity thieves often make small purchases to ensure that a credit card is active, Cate said.
Freeze your credit
This might sound like an extreme measure, but in reality, freezing your credit is far easier than it once was. In fact, you can freeze your credit and unfreeze it online in a few steps.
Cate explained that everyone should freeze their credit if they want to ensure they don't end up victims of fraud.
"This is safe sex, this is dental hygiene — freeze your credit report," Cate said.
To freeze your credit, you'll have to reach out to the three nationwide credit monitoring agencies, Equifax,TransUnion, and Experian. You can find information about freezing your credit at their respective websites.
The sad truth of our connected age is that another breach like this is bound to happen. Security experts recognize that the bad guys are always one step ahead of them. So the best way to fight back is to ensure you are as protected as possible.
More from Dan:
Email Daniel Howley at firstname.lastname@example.org; follow him on Twitter at @DanielHowley.