Capital One Data Breach: What You Need to Know

All you need to know about the capital one data breach

It’s become such a common news story that it sometimes gets lost in the headlines, but once again U.S. consumers are confronted with another massive security breach potentially compromising their personal information.

On Monday, Capital One announced a data breach involving more than 100 million people. This breach compromised information such as Social Security numbers, credit scores and credit card transaction data.

According to the New York Times, the incident led to the arrest of a 33-year-old woman in Seattle. Federal prosecutors charged Paige A. Thompson, aka “erratic, ”a former software engineer with Amazon Web Services, faces charges including computer fraud. 

This latest breach was revealed the same time the Equifax Data Breach was being settled in court. On July 19, Brian Krebs reported that Equifax agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let hackers swipe the data of 148 million Americans.

What is a Credit Card Data Breach?

It’s best to start at the beginning and deal with the basics. The credit card industry reports that a data breach occurs when hackers steal credit card information that could be used to commit fraud or identity theft. But what credit card data is needed for breach? Data breaches occur at computing choke points where financial data must pass, and hackers break into those points to access the data.

What Happened with Capital One?

Capital One Chairman and CEO Richard D. Fairbank stated that he would like to sincerely apologize to customers:

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.” 

Richard D. Fairbank, Capital One CEO

According to the Times, more than 140,000 social security numbers and 80,000 bank account numbers of U.S. clients were compromised by Thompson. 

The breach was possible in part because of a security lapse by Capital One. But it was aided by Thompson’s expertise as a software engineer. Information posted on social media shows she worked at one time for Amazon which is the same server business that court papers said Capital One was using.

The F.B.I. reported  that Thompson gained access to the sensitive data through a “misconfiguration” of a firewall on a web application. Amazon Web Services hosts the remote data servers companies use to store their information, but large companies like Capital One build their own web applications on top of Amazon’s cloud data.

This isn’t the first time Capital One’s data has been breached. A comprehensive Capital One Data Breach List looks like:

  • 2019 Capital One Data Breach: Seattle woman hacks data through a misconfigured firewall in a web application.
  • 2017 Capital One Data Breach: A former employee may have had access for nearly four months to their personal data, including account numbers, telephone numbers, transaction history and Social Security numbers.
  • 2014 Capital One Data Breach: A similar breach to the 2017 incident involving an employee in 2014.

The understandable worry this incident incited in the U.S. prompted Capital One to quickly update their website. Fairbank reported that the result of the breach was no credit card account numbers or log-in credentials were compromised. 

The company’s system for fraud alert prompted Captial One to move quickly and work with federal law enforcement. They don’t believe any information was used for fraud. And Capital One was able to fix the vulnerability and once again their system is able to keep customer information secure.

What to do After a Data Breach?

Continental Finance understands the fear and worry that data breaches cause. You work hard to build your credit, maintain your finances, and pay your bills on time. Having your identity, your data, and your money compromised by cyber-thieves using loopholes in the system is scary.

But there’s a checklist of things you can do to be pro-active as well to help guard yourself against these data breaches after they happen. Our easy 5-step checklist is:

Step One, Monitor Your Credit Reports: The major credit reporting agencies (Equifax, Experian, and TransUnion) provide free credit reports once per year. They also are aware of major data breaches. So if you’ve checked your report in the past 12 months, place a fraud alert on your account and get a free credit report. If you’ve not checked in the past 12 months, now is the time to get that free report.

Step Two, Initiate a Credit Freeze: A credit freeze means the credit bureaus can’t release your credit report or any other information in your file without your authorization. This stops thieves cold.

Step Three, Consider Identity Theft Protection: You can take credit monitoring a step further by getting a credit monitoring service. These services give you alerts on inquiries about your personal information, like the kind of data taken in data breaches.

Step Four, Protect Your email: Your email address and password are black market and dark web currency for identity thieves. This is how cyber crimes happen. So be sure to change your password to enhance your security and make it harder for criminals to take your identity. Consider multiple factor authentication for your most often used accounts.

Step Five, Be Aware of Scams: Often people wonder how is credit card information dealt after a data breach. A lot of times the companies report that no financial data was taken. So why the worry? Scams. The breach is just the first step for many thieves. Your information is taken and dealt to others, who then use it for scams, be it a Nigerian prince or a free cruise or the IRS telling you that you need to click a link. Stay vigilant!

Keep this information handy by downloading the Continental Finance Infographic on Data Breach Protocol:

What to do after a data breach

Who Regulates Credit Card Data Breach Procedures?

You may have noted that the Capital One data breach was handled by the FBI. The question of who deals with the consequences of a data breach often arises. Is it a state matter or is it federal?

It’s an ongoing process of oversight that is continuing to evolve. As with most other crimes jurisdiction depends on many variables. With a large entity like Capital One the data breach crossed state lines, and international borders. This definitely became a federal matter.

The Federal Trade Commission is a resource for the United States’ guidelines on privacy and data security.

Big News from Continental Finance Coming Soon

With the steady increase in data breaches, and the rise of fraud related to identity theft, Continental Finance is working on expanding its services. We hope to announce a major new product related to this specific issue in the very near future. Continental Finance cares about its customers and wants to ensure it protects your account with the latest and most advanced security measures possible.

People Also Read

Continental Finance is one of America’s leading marketers and servicers of credit cards for people with less-than-perfect credit. Learn more by visiting

Author: Greg Knotts

Greg Knotts is the VP of Marketing, CDMP, at Continental Finance Company, LLC in Wilmington, DE. A persuasive and results driven leader, Greg has more than 20 years experience in marketing, operations, relationship management, sales and business development in the credit card industry. He spearheads the Continental Finance Blog and leads the company mission to help cardholders everywhere rebuild and restore their credit through the variety of educational resources, articles and graphics the blog provides each week.