On July 31, 2019, the Office of the Privacy Commissioner of Canada (OPC) announced that it is investigating a massive data breach at Capital One Financial Corporation (Capital One). The breach is reported to affect approximately 6 million Canadians and 100 million Americans whose personal information has been accessed without authorization.

Capital One detected the breach on July 19, 2019. According to US court documents, a hacker allegedly gained access to Capital One’s servers on March 12, 2019, and, on April 21, 2019, posted details about the attack on GitHub. Capital One learned of the attack on July 17, 2019, when the company was alerted to the GitHub page through Capital One’s responsible disclosure program. After an investigation, Capital One officially confirmed the breach on July 19, 2019.

The leaked information is thought to include credit card application data including names, addresses, postal codes, phone numbers, email addresses, dates of birth and self-reported income. Social insurance numbers from approximately one million Canadians are also thought to be compromised. The company has indicated that it will be notifying affected individuals by letter or email starting August 5, 2019. The company expects that this process will take several weeks.

For more information about the Capital One data breach and what the company is doing to respond please see Capital One’s website here.

Summary By: Jae Morris

E-TIPS® ISSUE 19 08 07