Emerging Threats

100 million credit card applications were recently exposed, some including Social Security numbers.

Credit card company Capital One Financial Corporation has announced they have experienced a data security incident involving applications for credit card products and current credit card customers. This security incident may affect approximately 100 million people in the United States and approximately 6 million in Canada.

This is a complex security incident, which has affected multiple types of Capital One customers, according to reports:

Consumers and small businesses who applied for one of Capital Ones credit card products from 2005 through early 2019

The information accessed in this security incident included information routinely collected in credit applications: names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income.

Current Capital One credit card customers

In addition to the credit card application data, portions of credit card customer status data was compromised, including: credit scores, credit limits, balances, payment history, and contact information.

This information was obtained based on fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.

Some Social Security numbers and bank accounts were compromised

While there is currently no evidence to believe the exposed data was used for fraud or disseminated to others, some linked bank account numbers or Social Security numbers were taken, including:

  • About 140,000 Social Security numbers from credit card customers.
  • About 80,000 linked bank account numbers for secured credit card customers.
  • For Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.

In its press release, Capital One stated:

  • They will notify affected individuals through a variety of channels.
  • They will make free credit monitoring and identity protection available to everyone affected.
  • They believe “it is unlikely that the information was used for fraud or disseminated.”

Help protect yourself against identity theft — because prevention is impossible

Whether identity thieves acquire your personal information through a data security incident or by more individualized tactics, once they have your personal information, that means your identity, finances and reputation could be at risk.
Here’s what you can do to proactively help protect yourself and your personal information:

  • Always use strong, secure passwords. Make sure you are using a complex and unique password for each of your online accounts. 
  • Keep an eye on your bank and other financial accounts for unfamiliar activity as often as possible. And if your bank or credit card provider offers text or email alerts, be sure to sign up for those alerts to help spot unfamiliar activity.
  • Check your credit reports on a regular basis. This allows you to see if a thief has attempted to open a new credit card or another account in your name. 
  • If you suspect something is amiss, take action as soon as possible. If you see suspicious or unfamiliar activity, contact the financial institution involved immediately. If your information was stolen in a data breach, let them know that, as well.
  • Only visit secure sites. Reputable sites begin with https://. The “s” is key. This is especially important when entering credit card or other personal information. 
  • Consider a digital safety solution such as NortonTM 360 with LifeLockTM to help protect your devices, online connections, and identity. 
  • If you detect unusual activity in your bank or credit accounts, call the number on the back of your debit or credit card. 
  • With all the recent news about the incident, this can increase the possibility of phishing emails and calls related to the breach. Therefore, it is important to beware of identity thieves and cybercriminals posing as Capital One employees or as agencies that will help you. Capital One will not call customers asking for credit card or account information or Social Security numbers over the phone or via email.

This is a good reminder that sometimes people with a compromised identity do not immediately detect the signs of identity theft. It’s possible for months or years to pass without knowing that someone is harming your credit or financial reputation.

The bottom line: Do what you can to help protect your personal information from being lost, stolen, or otherwise compromised. But recognize that the security of your information is only as strong as the weakest link in a chain that includes the many businesses, government agencies, and other entities with which you interact. And remember, in the end, no one can prevent all identity theft or cybercrime.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.