Skip to main content

If you needed yet another nudge to start keeping an eye on your credit report to protect against identity theft, Capital One has delivered it with its announcement that a data breach has exposed the personal information of 106 million of its credit card customers and credit card applicants in the United States and Canada.

News of the Capital One breach comes just one week after the Federal Trade Commission announced that Equifax agreed to pay up to $700 million to settle a lawsuit brought by the FTC, the Consumer Financial Protection Bureau, and 50 states and territories, stemming from the credit reporting giant’s 2017 data breach, which affected about 147 million people.

In the Capital One breach, 100 million people in the United States and 6 million in Canada were affected. According to the bank, most of the stolen information came from the credit card applications of consumers and small businesses. The information includes names, dates of birth, addresses, phone numbers, and more, all from applications filed between 2005 and early 2019.

For credit card holders, the stolen information includes credit scores, credit limits, balances, payment history, contact information and some transaction data. The bank says the hacker also stole about 140,000 Social Security numbers, 80,000 linked bank account numbers of secured credit card holders, as well as the Social Insurance Numbers of about one million Canadians.

Capital One has posted information about the breach and says it will notify the people affected and offer them free credit monitoring and identity protection services. However, whether or not you were affected, there is no time like the present to check your free credit report and take other steps to protect against identity theft.

Check out these articles to read the basics about credit reports and credit monitoring. And one more thing: a data breach is a magnet for scammers. Be alert to emails and calls pretending to be from Capital One or the government. Neither the bank nor the government will send an email or call you to ask for credit card or account information or your Social Security number.

Visit to learn more about protecting yourself after a data breach.

Time to check your credit report

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Bibi 07
July 31, 2019
Sad to see again the same data /privacy breach problem, with high risk of IDTheft.. We badly need stronger laws and fines to control all commerce (hotels, online sales, banks, credit card companies etc...) ; their marketing do every thing to "bait" us,starting with "you are pre-approved letters" and offer a bonus to join or refer a friend. We receive every 3 weeks fancy-looking mail from Capital One to offer their MC card ; and threw all in the garbage. Our privacy is being invaded; we need good steel doors and good locks .
Concern citize…
August 01, 2019

In reply to by Bibi 07

Don't throw it in the garbage make sure to take all personal information from this papers before you do that, I hope that is what you are doing Concerned
Tired of Being…
August 02, 2019

In reply to by Bibi 07

Looking at the recent Equifax compensation situation, I would like to see laws requiring these large companies to automatically contact each customer and provide a fixed punitive payment based on the amount of information they held and a multiplier for the lack of due diligence to protect that information.
July 31, 2019
It’s disgusting how easy it is to have our personal information stolen and even more so that the breached organizations offer nothing more than free credit report monitoring. I’d venture a guess that 99% of this country is already receiving free credit monitoring. Big deal
August 01, 2019

In reply to by Madinusa

Good point, it seems like companies think that by offering free credit monitoring services it solves the problem. You're right, at this rate every person in USA and Canada will have free credit monitoring soon.
August 03, 2019

In reply to by Madinusa

Most breaches begin with an email with an infected payload or a malicious web link. All that is required is for a single user to make a mistake and click the link or open the attachment. Their credentials are harvested, giving the bad guys the ability to access the network as a trusted user. The human factor is generally the weakest link.
Very Annoyed
July 31, 2019
Reference: " everyone should get a copy of their credit report "- I do this every year. I use a public computer, so I call the toll-free number, give my info, etc. This year the 2 reports never came. I sent notes on-line and called the particular agency, they told me to send a copy of my ss#. I will not. So if I call again I don't know if I will be charged because this would be my 2nd request. Also, I chatted with I believe Equifax about this on line and I could tell that the person had a very poor understanding of the English language. So, getting a copy of one's report is easier said than done. Thank You.
Gianni B
July 31, 2019
Get it together already!
Forensic 1
July 31, 2019
FTC Staff
August 07, 2019

In reply to by Forensic 1

You don't have to decide if your Capital One information was hacked before you decide what to do about the Equifax breach.

If your information was exposed in the Equifax breach, you can file a claim. Go to to read about the benefits you could claim. There's a blue button at the top of the FTC page that takes you to the settlement website where you file a claim.


August 01, 2019
I just tried to obtain all 3 of my credit reports through the Annual Credit Report site, but was only able to obtain TransUnion. Both Experian and Equifax said that I must request my report via mail including all of my private information (copies of social security card, drivers license, etc.). That makes me extremely uneasy as well as the cost of photocopying my private information to obtain something that is supposed to be free. Who do I turn to for help?
August 01, 2019
I'm already getting free credit monitoring for 10 years from Equifax. I deserve financial compensation from a direct credit card company that I make payments to faithfully every month. In this day and age there is no excuse for this to keep happening.
August 02, 2019
Technology will be the demise of the world, congress need to pay more attention to this issue
August 02, 2019
This is the third company my personal information has been compromised. I already have Identity Protection and I put a credit freeze with each credit companies. My info is floating around the dark web plus the unwanted phone calls never cease even tho I tell them all to remove my number. Yet, my info is being sold to scammers and the only offer companies give for their incompetence is ID Monitoring and Protection? Gee thanks a lot
August 16, 2019

In reply to by vilomah

And as yet another breach occurs, Equifax, Oregon DHS, and more I have to wonder what the benefit of having yet another free offer for credit monitoring will accomplishment. As others have shared, we need more due diligence on the front end instead of a seemingly endless "compensation" of credit monitoring on the backend. Consumers need companies to better protect our information and when breached, be better prepared to actually compensate clients beyond yet another free credit monitoring opportunity. Free credit monitoring on top of free credit monitoring on top of free credit monitoring -- well, seems redundent for clients and a time of abundance for the credit monitoring companies - who are being paid to prpvode our free credit monitoring. At this point, throw some monetary compensation my way.
August 03, 2019
Freeze your credit. It’s the only sure way to protect it. And it’s free.
August 07, 2019
After the breach allegedly undiscovered for months I received a notification of a collection agency whom purchased a alleged account from Capital One and I was being Sued in Magistrate Court (PA) . I filed a intent to defend and on the Eve of the Court date I wad notified they were withdrawing ( the Junk Debt Buyer/Law Firm) the charges ? Now has there been any reports of Capital One "Dumping" alleged accounts in arrears just prior to the release of the Breach ? It would be after the Breach but before it was "Noticed'
August 12, 2019
In a span of 2 month, LabCorp, (medical company) Equifax, and now Capital One, has exposed my information. I have free credit monitoring still from when TJ Maxx, and Target exposed my information. You would think these companies would have better practices in place. The 700 million the Equifax got sued for where is that money going? They should be using it for better security factors.
September 02, 2019
I mean this is out of control. My identity gets stolen twice a week and my small business suffers. I really would like the Government to shut down Bit Coin, Pay Pal, EBay, anything which steals information.
September 14, 2019
More and more businesses are asking for my social security number and my banking account numbers. Most of the rental properties in Arizona are asking for this information and will not rent to you if you don't give it to them. Making matters worse, they use third party businesses that (if you read the disclosure) do not accept responsibility for data breeches or loss of money. There is no reason to give them your social security number, but it is easier for them to track you down if you don't pay your rent and leave. Meanwhile, you can't rent if you don't give them this information and there is nothing illegal about it. Stronger laws all around is what is needed. Contact your representatives.
October 30, 2019
Capital one denied all claims I submitted saying none are fraud. 49 incidence since 2009 it's bs