2019 Capital One Cyber Incident | What Happened | Capital One (2024)

1.

What happened?

On July 19, 2019, we determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for our credit card products.

We immediately fixed the issue and promptly began working with federal law enforcement. The outside individual who took the data was captured by the FBI. The government has stated they believe the data has been recovered and that there is no evidence the data was used for fraud or shared by this individual.

2.

How did you discover the incident?

3.

When did this occur?

4.

How do I know if I’ve been impacted?

The outside individual who took the data was captured by the FBI. The government has stated they believe the data has been recovered and that there is no evidence the data was used for fraud or shared by this individual.

We have directly notified by mail the U.S. individuals whose Social Security numbers or linked bank account numbers were accessed. We also have notified all Canadian customers affected. Canadian customers can find more information atwww.capitalone.ca/facts2019orwww.capitalone.ca/facts2019/fr.

5.

Who is responsible for this cyber incident?

6.

Does this incident impact customers from your other businesses?

7.

What is Capital One doing to protect me after this incident?

We have sophisticated fraud systems in place to detect any unusual activity and protect our customers from unauthorized actions.

We have notified by mail the U.S. individuals whose Social Security numbers or linked bank account numbers were accessed. We also have notified all Canadian customers affected. Canadian customers can find more information atwww.capitalone.ca/facts2019orwww.capitalone.ca/facts2019/fr.

Customers are encouraged to enroll in credit card account alerts to help them keep track of activity on their accounts. Customers can sign in to online banking and set up text or email alerts, based on their preferences.

Additionally, we encourage customers to monitor their credit card accounts for unusual or suspicious activity and, if they notice any activity that they do not recognize, to call the number on the back of their Capital One card or on their statement as soon as possible.

8.

I received a call or text from Capital One related to this cyber incident asking for my information. What should I do?

Capital One isnotproactively calling, texting or emailing customers to ask for account information or Social Security numbers related to this cyber incident.

If you have provided personal information over the phone or clicked on the links in a fraudulent email, follow these additional steps:

1. Call us immediately to report that your account information may have been compromised.
2. Sign in to Capital One Online Banking and change your password and security questions.
3. Check your accounts for suspicious activity.
4. Update and run anti-virus software on your computer.

9.

Are there any additional steps that I can take to protect myself against fraud and identity theft?

You can request a free copy of your credit report once every 12 months from each of the three national credit reporting agencies: Equifax, Experian and TransUnion.

• Once you receive your reports, review them for suspicious activity, such as inquiries from companies you did not contact, accounts you did not open, and debts on your accounts that you did not authorize.
• Verify the accuracy of your Social Security number, address(es), complete name and employer(s).
• Notify the credit bureaus if any information is incorrect in order to have it corrected or deleted.

To obtain free credit reports, simply visitwww.annualcreditreport.com, call 1-877-322-8228, or complete the Annual Credit Report Request Form, which can be foundhere, and mail it to:Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

Additionally, you can call the toll-free fraud number of any one of the three nationwide credit bureaus and place an initial or extended fraud alert on your credit report.

• Equifax: 1-800-525-6285; Equifax Information Services LLC, P.O. Box 105069, Atlanta, GA 30348-5069
• Experian: 1-888-EXPERIAN (397-3742); P.O. Box 9532, Allen, TX 75013
• TransUnion: 1-800-680-7289; Fraud Victim Assistance Department, P.O. Box 2000, Chester, PA 19016

An initial fraud alert stays on your credit report for one year and acts as an alert to potential lenders. An extended fraud alert is intended for victims of identity theft and stays on your credit report for seven years.

10.

I did not receive a notification that my Social Security number or account number were affected, but I remain concerned. What should I do?

11.

Is there a settlement related to this cyber incident?