On July 19, 2019, we determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for our credit card products, and to Capital One credit card customers.

We immediately fixed the issue and began working with the United States Federal Bureau of Investigation (FBI). The outside individual who took the data was captured by the FBI. The United States government has stated that they believe the data has been recovered and that there is no evidence that it was used for fraud or was disseminated by this individual.

We are working closely with relevant Canadian and American authorities, including the Office of the Privacy Commissioner of Canada, to protect affected individuals. We’ll make free credit monitoring and identity theft insurance available to everyone affected.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Founder, Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Current analysis suggests this event affected approximately 6 million individuals in Canada and approximately 100 million in the United States. The largest category of information was of consumers as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, postal codes, phone numbers, email addresses, dates of birth and income.

No login credentials were compromised. Beyond the credit card application data, the individual also obtained portions of customer data, including the following:

Social Insurance Numbers of approximately 1 million Canadian credit card customers

Customer status data, e.g., credit scores, credit limits, balances, payment history and contact information

Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018

As of September 23, 2019, we’ve completed the process of notifying Canadians affected by the cyber incident by email or mail. Be aware that we will not contact anyone by phone or text regarding this incident.

Safeguarding our applicants’ and customers’ information is essential to our mission and our role as a financial institution. We’ve invested heavily in cybersecurity and will continue to strengthen our cyber defences.

The investigation is ongoing and analysis is subject to change. As we learn more, we will update this website and provide additional information.

For our U.S. credit card customers, please visit this web page.

If you’d like to speak with an agent, call 1‑833‑727‑1234.

Q&A