In Boston, Customers Are Processing Massive Capital One Data Breach

On Tuesday morning, Walter Hairston had just finished withdrawing some cash from a Capital One ATM in downtown Boston when he found out about the hack.

The Virginia-based banking company said Monday that information from more than 100 million credit card customers and applicants had been accessed earlier this year by a hacker, including personal information and thousands of Social Security and bank account numbers.

Although Hairston has a Capital One checking account, not a credit card, he said the fact his bank was hacked makes him “anxious.”

"I think I’m getting ready to eliminate this one here," said Hairston, who said he might consider moving his money to another bank.

It's the latest high-profile hack in a string of consumer data breaches in recent years.

"It's just like, 'well, it's another one,' " said Faye Magler said, who was visiting Boston from Idaho. She received an email from Capital One notifying her of the breach.

Magler said she wasn't too concerned if some of her information was taken, like her name, but she worried her address and credit history might have been compromised.

"I’m assuming that mine wasn’t one of the ones, or I’m hoping," she said.

Consumer advocates are urging Capital One customers to freeze their credit reports, by going online or calling one of the three big credit bureaus — Equifax, Experian or TransUnion.

“This is the latest of many, many breaches of our personal and sensitive financial data,” said Chi Chi Wu, staff attorney for the National Consumer Law Center in Boston. “At this point, consumers should realize there's a pretty good chance that your information — your Social Security number, date of birth — might be out there in the hands of hackers."

Wu recommended consumers freeze their credit reports, too.

Freezing a credit report prevents anyone from opening up new accounts fraudulently. Experts also have been urging consumers to monitor their accounts for suspicious charges — and then report them to their banking institutions.

“You have protections under the law,” Wu said. “Any unauthorized transaction over $50, you're protected.”

In 2017, Equifax reported one of the largest data breaches ever. The personal information of 147 million people — or roughly half the country — was exposed. The Atlanta-based company agreed to pay about $700 million in a settlement with regulators.

Capital One said in a statement that it is offering free credit monitoring and identity protection to affected customers.

“Safeguarding applicant and customer information is essential to our mission and our role as a financial institution,” the company said in its statement. “We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings [sic] from this incident to further strengthen our cyber defenses.”

The FBI said it arrested Paige Thompson, 33, a Seattle-area software engineer, in the enormous hack.

Capital One said the investigation is ongoing. About 140,000 Social Security numbers of credit card customers were affected, as well as 80,000 bank account numbers, the company said. No credit card account numbers or log-in credentials were accessed, Capital One said.

In addition to the 100 million U.S. residents hit in the hack, 6 million Canadians were affected.