The company is working with customers after the latest large data breach in the U.S. caused by unauthorized access to Capital One’s systems.
7/30/2019 12:00
Capital One is responding to a data security breach related to the personal information of credit card applicants and credit card holders in an unfortunate incident that impacts about 100 million U.S. consumers and six million people in Canada, according to the company’s news release. In response to the increased rate of breaches experienced by numerous companies to include retail stores and other well-known, respected organizations, federal and state legislators have stepped up efforts to enact data privacy protections.
The Capital One data breach is a reminder for accounts receivable management industry companies to review their policies and procedures related to protecting their systems in the event of a data security incident. ARM companies should also consider developing a rapid response plan should a breach occur impacting their systems.
Meanwhile, Capital One is reporting that credit card account numbers and log-in credentials were not compromised, and “over 99 percent of Social Security numbers were not compromised.”
However, about 140,000 Social Security numbers of Capital One credit card customers were among those impacted as well as about 80,000 linked bank account numbers of secured credit card customers.
“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019,” Capital One reports. “This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.”
It is notifying consumers impacted by the incident in various channels and offering free credit reporting and identity protection to everyone affected.
According to Fox News, Seattle software engineer Paige Thompson, 33, was charged with one count of computer fraud and abuse in relation to the breach.
“Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate,” Capital One reports.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, chairman and CEO, said in a news release. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Federal data privacy legislation, a priority in the 116th Congress, appears to be one of the few bipartisan issues with at least partial agreement between the U.S. House and Senate.
The California Consumer Privacy Act (CCPA), which takes effect Jan. 1, 2020, and the European Union’s General Data Protection Regulation (GDPR) both provided consumers with control over how businesses collect and use their personal data.
Currently, among several issues being discussed, a key question is whether any new federal privacy law would pre-empt state laws or coexist with them, reports ACA International Vice President and Senior Counsel of Federal Advocacy Leah Dempsey in Collector magazine.
The U.S. House is on recess until after Labor Day and the Senate is wrapping up business on Capitol Hill this week before its August recess, a good time to connect with legislators about their response to these issues.
In the meantime, to ensure sound procedures at your company, conduct a risk analysis, manage business associates and vendors with access to your systems, always document policies and procedures and provide regular training. Read more data security tips in the articles below and check ACA International’s online education and events calendar for webinars on this topic.
Related Content from ACA International: