What’s in someone else’s wallet may not be Capital One’s advertising slogan, but it may describe your personal information following the disclosure of a major data breach at Capital One affecting more than 100 million of its American customers and 6 million of its Canadian customers. Capital One is the third biggest credit card issuer in the United States. The stolen information was contained in credit card applications that were accessed, according to court records, by Paige A. Thompson, who formerly worked for Amazon Web Services, which hosts the Capital One database. Thompson has been arrested and charged with computer fraud. The most sensitive information stolen was a million Canadian Social Insurance numbers, which are the equivalent of American Social Security numbers. Court records indicate that Ms. Thompson also stole 140,000 Social Security numbers. According to the FBI, Ms. Thompson was able to obtain the sensitive data by exploiting a misconfiguration of a firewall on a web application that enabled her to access the server used by Capital One to store the data.


Capital One has indicated that it will be contacting affected customers and offering free credit monitoring. I will continue to update you as to future developments in this matter.

So what can you do now to protect yourself from not only this data breach, but other data breaches that will inevitably occur?

If you have not yet frozen your credit with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, you should do so now to protect yourself from possible identity theft. It is free and easy to do.

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

One of the biggest lessons from the myriad data breaches is to use a unique password for every online account that you have. Otherwise, a sensitive account, such as your online banking account, can be compromised because it uses the same password as another relatively meaningless account whose poor security led to a data breach in which your password was stolen.

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Also, with your email address commonly known by many scammers, you can expect to receive more phishing emails and more dangerous, specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft. Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.
