106 million individuals had their data compromised by the Capital One credit card breach.

A smaller number — 140,000 customers — had their Social Security numbers swiped.

Security experts recommend taking a few immediate steps, such as freezing your credit and upping your security process.



If you're among the 106 million individuals who hold a Capital One credit card or who applied for one, your personal data — including self-reported income and birth date — could be in the hands of scammers. Experts recommend taking the five steps below to keep your finances safe.

Capital One disclosed on Monday that a hacker gained access to the personal information of over 100 million individuals applying for credit. Among those, 140,000 customers had their Social Security numbers stolen, and about 80,000 had their linked bank account numbers swiped, Capital One said.

While the McLean, Virginia-based bank said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator, that means scammers could already have had several days of access to your data. Yet there have been so many data breaches at all kinds of companies and institutions over the past few years that you should assume your data is already available to scammers, they add.

"Whether it was this breach, the Equifax breach, Marriott, Target, Home Depot ... there have been so many that you need to assume your personal data has already been compromised," said CreditCards.com industry analyst Ted Rossman in a statement. "This surely won't be the last, so take defensive actions now."

Get Breaking News Delivered to Your Inbox

Below are immediate steps security experts recommend for limiting the potential damage that fraudsters can wreak on your finances.

1. Freeze your credit

Security experts are unanimous that a credit freeze is an essential step to protect your data and halt scammers from creating fake accounts in your name.

Freezing your credit at the three credit-reporting bureaus is now free, and can be done online or over the phone. You'll need your name, address, date of birth, Social Security number and other personal information, according to the Federal Trade Commission. Each credit bureau will give you a PIN, which you can then use to lift your freeze when you need to apply for credit, such as a mortgage or a car loan or a new credit card.

Here are the links to where you can freeze your credit at the three credit-reporting agencies:

"This is the best way to prevent a criminal from opening an unauthorized account in your name," Rossman said. "Unfortunately, only about one in four U.S. adults have frozen their credit."

Security experts note that a freeze is much more effective than a fraud alert. Credit freezes don't affect your credit score, but they prevent loans and other services from being opened in your name without your consent. A fraud alert simply is a red flag alerting companies to the fact you may have been the victim of fraud.

2. Enable two-factor authentication

Adding an extra layer of security to your logins can help prevent scammers from gaining access to your accounts. The most common form of two-factor authentication is when a business texts you a one-time code that enables you to access your account.

That means a hacker would need to have access to your mobile phone as well as your account information in order to gain access to your accounts.

3. Sign up for credit monitoring

These services can help you keep close tabs on your accounts, alerting you if someone opens an unauthorized account in your name or even another family member's name. Some sites offer free access to credit monitoring, such as WalletHub's free monitoring of TransUnion credit accounts. However, the most thorough credit-monitoring services generally will cost you anywhere between $10 to $30 a month, according to CBS partner site CNET.

Many consumers may have signed up for free credit monitoring this week through the Equifax settlement, but experts say it's not clear when that will actually kick in. "The settlement with Equifax is pending so there's no guarantee about when that will take effect until we see something that says, 'On this date, you will receive your award," said Charity Lacey, vice president of communications for the Identity Theft Resource Center.

4. Don't get phished

Ignore unsolicited requests for information, which could be phishing attempts, or when hackers pretend to be a trusted company or individual, recommends financial site WalletHub. If you haven't been asked to be contacted, don't respond to the email, its experts say.

Capital One is asking that consumers who believe they receive a fraudulent email seeking their data forward the email to abuse@capitalone.com. After forwarding the email, the company recommends deleting it.

5. Change your passwords regularly

Consumers can also protect themselves by taking a step that most don't follow: Changing their passwords. And of course, too many consumers continue to use easy-to-guess passwords like "123456."

"Use a password aggregator such as LastPass to ensure strong, unique passwords for all of your logins," Rossman said. "We found that more than 8 in 10 U.S. adults re-use passwords, which is a major security vulnerability."