Posts

Capital One, Who’s in Your Wallet?

Announced Monday, July 29, 2019, a Capital One Data Breach puts 106 million consumers at risk. The credit card company released a statement citing “unauthorized access by an outside individual” that occurred in March of 2019, as the cause of data breach. The breach puts consumers at risk who applied for a credit card with Capital One and their existing customers. The company approximates that 100 million Americans and 6 million Canadians’ information was exposed.

Small businesses and individuals were victims in the Capital One data breach with information disclosed including name, address, date of birth, email address, credit scores, credit limits, payment history, and balances. Roughly 80 thousand linked bank account numbers of credit card customers were also exposed. Capital One reports that no credit card information was compromised. They also say 99 percent of Social Security numbers (Social Insurance numbers for Canadians) were not exposed, although 1 percent of 106 million is still 1.06 million affected consumers between the U.S. and Canada.

Take Action Now

If you are a victim of the Capital One data breach, the company has announced it will “notify you through multiple channels.” Lacking specifics, Identity Theft Resource Center suggests taking a proactive approach if you think you could be a victim of the breach.

Freeze Your Credit

This includes steps like freezing your credit report and checking financial statements. Try logging onto your account to see if there are notifications regarding the breach waiting for you.

Be Aware of Scams

Also, be wary of anyone calling in regards to the breach and asking to collect personal information. Capital One is not notifying victims via phone and asking for Social Security numbers or financial information, if someone contacts you in this regard it is a scam.

Document Your Steps

Also, start documenting your activities utilizing the ITRC’s ID Theft Help App – that way if you need to provide the documentation on what you’ve done in the future, you have recorded the time and effort you’ve spent.

While there is no proof that the compromised information has been used to commit identity theft or fraud, there is no time limit on identity crime. Millions of user information has been exposed, and there is no taking it back from the hacker or the places she chose to distribute it. The victims of the Capital One data breach will be offered credit monitoring and “identity protection” at no-cost, but the company does not offer details on the length or terms of these services.

The credit card company says the data breach was allowed by a configuration vulnerability and they have since fixed the issue. Capital One also worked with the Federal Bureau of Investigation (FBI) and the alleged hacker has been arrested, an unusual event compared to most data breach cases.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Equifax data breach of 2017, exposed the personal identifying information of over 148 million Americans. One Hundred Forty-Eight Million. To not be affected by, or know someone affected by the breach was nearly impossible. The data exposed was some of the most personal, like Social Security numbers, full credit histories, financial account information and names and addresses. The breach had a strong negative impact and broke consumers’ trust. Equifax – one of the three main credit reporting agencies (CRAs) – was widely regarded as a dependable company and a necessity to work with to be able to secure lines of credit. Americans gave them personal information in exchange for a necessary service, and Equifax failed to protect them.

Now, an Equifax data breach settlement has been reached in the case of the 2017 incident. The credit reporting agency will pay up to $700 million, the largest breach settlement to date. The funds will be split between paying civil penalties and compensating victims. While a large amount of dollars dedicated to Equifax’s efforts to correct their wrongs can be seen as a good thing, the way these dollars will be dispersed among the effected population is relatively unclear.

At least $300 million and up to $425 million of the settlement will go toward victim redress. This includes providing free credit monitoring, reimbursing victims who paid out of pocket to protect or recover their identity and offering identity recovery services. However, the weight will still be placed on the consumers. Victims will have to file a claim, a process that still has not been disclosed, to receive any of the compensation pool. For now, the Federal Trade Commission is recommending that victims save all physical evidence of efforts to secure their identity because of the Equifax data breach and sign up for email updates. Putting the burden of proof on the consumer, not the company responsible for the breach.

Many questions remain: What victims will qualify for reimbursement? How will victims provide accurate evidence of their efforts and misfortunes? Is this fund only for victims who purchased identity theft services? What is the option for victims who did not have the resources then or now to purchase paid services or avail themselves of free services like those Identity Theft Resource Center provides?

Read next: How to File an Equifax Claim for Data Breach Settlement

If all victims filed claims and funds were distributed equally to all 148 million people, each would receive fewer than $3.00 in funds or cost of assistance. This does not accurately reflect the true value of the data that was compromised. Additionally, while the free credit monitoring services offered can span up to 10 years – a large increase from the historical settlement of 1-2 years – identity theft has no expiration date. The threat of identity theft does not decrease as more time passes from the date of the breach. The victims are perhaps more vulnerable as time goes on and they become less diligent in reviewing potentially affected accounts. Personal identifying information can be used to commit identity theft or fraud no matter the date it was exposed. There is no timeline for identity theft, but there is a cap on how many years Equifax will provide free services to victims per the settlement.

The other $275 million of the settlement will be used to pay civil penalties – $175 million to 48 states, Washington D.C. and Puerto Rico and $100 million to the Consumer Financial Protection Bureau. We believe the best use of these dollars would be funding consumer assistance programs within these organizations to continue to help victims of this and other data breaches.

In addition to the monetary payout, the settlement also requires Equifax to comply with more rigorous security standards. While this is not as flashy as a large dollar amount, it is perhaps even more important. It is the industry saying we need to hold our companies more accountable for the privacy of consumers. These standards include regular audits, dedicated staff for security and third-party safeguards. While a step in the right direction, companies must remember the speed of which the industry changes. The best security standards by today’s measures might be the worst a year from now. We must continue to petition businesses to protect consumer privacy and urge consumers to take the necessary precautions to minimize their risk of identity theft and fraud.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us.

If you are a member of the media and would like to contact ITRC regarding the Equifax breach, please email media@idtheftcenter.org.

For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

New Tool Helps Consumers Make Sense of Data Breaches

How To: Place a Free Credit Freeze

In 2017, criminals accessed Equifax’s database of consumers exposing the personal identifying information of over 148 million Americans. Equifax, one of the three main credit reporting agencies (CRAs), noted that Social Security numbers, addresses, birth dates and credit card information were all apart of the information exposed. This data breach created an increased risk of identity theft for millions of Americans. Now over two years after the breach was reported, a settlement has been reached. Details are still emerging but it’s important to understand the basics of what we know today.

The Equifax settlement agreed to pay up to $700 million dollars for harms caused by the data breach – the largest monetary settlement in data breach history. In the settlement, filed on July 22, 2019, Equifax agreed to spend up to $425 million to help the victims of its 2017 data breach. An additional $275 million will be spent to pay civil penalties. Also included in the Equifax settlement is the requirement to update security protocol and increase measures to protect consumer information.

If your information was exposed in the data breach, Equifax should have notified you directly via mail. A part of the settlement, a new breach claim site will also have a tool for consumers to check if their information was exposed. If you were affected by the breach, the Equifax settlement is offering certain benefits to minimize your risk of identity theft.

Settlement Benefits for Victims

First, Equifax will provide a total of up to 10 years in free credit monitoring services. The first 4 years will be provided for all three major CRAs – Equifax, TransUnion and Experian. Then Equifax will provide the services for monitoring their report for an additional 6 years. If you were a victim of the breach and a minor, even more services are available at no cost. If victims choose to opt-out of the free credit monitoring option, they may be eligible for a $125 cash payment.

Second, victims who have already dedicated resources to protecting their identity because of the Equifax breach could be reimbursed up to $20,000. This includes time spent protecting your identity or efforts to recover it. It also includes any money spent like the cost of lawyers or fraudulent financial charges. It’s unclear what the specifics behind how to obtain this reimbursement, but consumers will most likely bear the burden to prove the impact in order to receive compensation.

Finally, if you did fall victim to identity theft because of the breach Equifax is providing free restoration services. These services are offered for up to seven years and can be used if someone steals your identity or if you are a victim of fraud. Again, it’s unclear how consumers will have to prove that they were directly victimized as a result of the breach, but as details emerge we will share information.

As of July 24, 2019, the settlement administrator is now accepting claims. The deadline to file a claim is January 22, 2020. Find the full details here: https://www.equifaxbreachsettlement.com/

Read our guide on How to File an Equifax Claim for Data Breach Settlement

Beyond the financial impacts of the breach, nearly 90 percent of respondents said they experienced adverse feelings or emotions within one year of the initial event as reported in The Aftermath: Equifax One Year Later study by Identity Theft Resource Center.

Stay Updated with Alerts

The Federal Trade Commission (FTC) says the settlement is still in process and claims can be made after court approval. The FTC is regularly updating information as it becomes available at ftc.gov/Equifax.

Steps to Reduce Your Risk

Being a victim of the data breach does not automatically make you a victim of identity theft; however, it does greatly increase your risk. There are some steps ITRC recommends that can reduce your risk of identity theft. You can also call to speak with one of our expert advisors at no-cost at 888.400.5530 or livechat to learn more about your risk and preventative measures.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

How to File an Equifax Claim for Data Breach Settlement

How To: Place a Free Credit Freeze

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

Info Sheet: Credit Freeze Laws for Protected Consumers 

To date, 33 states have passed laws for allowing consumers to place a freeze on credit reports for protected consumers.  The definition of a protected consumer differs by state but generally includes children under 18 years old or children under 16 years old, and any individual who has a legal guardian or conservator.  While most states allow you to place a freeze if a credit report already exists due to identity theft, the following 33 states will allow you to create a credit report for your child proactively when no credit report exists, then freeze it:

  1. Arkansas
  2. Arizona
  3. California
  4. Connecticut
  5. Delaware
  6. Florida
  7. Georgia
  8. Hawaii
  9. Illinois
  10. Indiana
  11. Iowa
  12. Kansas
  13. Kentucky
  14. Louisiana
  15. Maine
  16. Maryland
  17. Michigan
  18. Minnesota
  19. Montana
  20. Nebraska
  21. New York
  22. North Carolina
  23. Ohio
  24. Oregon
  25. South Carolina
  26. South Dakota
  27. Tennessee
  28. Texas
  29. Utah
  30. Virginia
  31. Vermont
  32. Washington
  33. Wisconsin

The National Conference of State Legislatures has a chart that lists each state and the corresponding laws/fees.  Please note that most states allow for no fees if the individual requesting a freeze (or his/her parent or guardian) can prove he/she is a victim of identity theft.  If you have questions about checking to see if your child has a credit report and how to freeze a report with each credit reporting agency, read our how-to here.

Due to Senate Bill 2155, as of September 21, 2018 residents in all 50 states will be able to place a credit freeze on their, and their child’s, credit report and request that a credit report for a protected consumer (which includes children under the age of 16) be created and frozen if a credit report does not exist.

This info sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to itrc@idtheftcenter.org. Copyright, Identity Theft Resource Center®, all rights reserved.