Hacker stole credit card applications holding Social Security and bank account numbers.
Capital One announced Monday that the Federal Bureau of Investigation arrested a hacker for allegedly stealing more than 100 million U.S. credit card applications, compromising tens of thousands of Social Security and bank account numbers.
Seattle based software engineer, Paige Thompson, has been taken into custody by the FBI, according to court records of the incident.  The 33-year-old is being charged with computer fraud and abuse, the records say.
Thompson bragged about the crime over social media and messaging services like Twitter and Slack under the alias “erratic.”
“I’ve basically strapped myself with a bomb vest, … dropping capital ones dox and admitting it,” one message says. “I wanna distribute those buckets I think first. Their SSN – with full name and DOB.”
If you hold an existing Capital One credit card or secured credit card, your information may be among the stolen Social Security or bank account numbers. The information at risk is the following…
- Credit scores
- Credit limits
- Payment history and transactions
Also at risk are individuals who applied for Capital One credit cards and secured credit cards between 2005 and early 2019. The following information has been compromised…
- Dates of birth
- Email addresses
- Phone numbers
Capital One’s response
The data stolen includes roughly 140,000 Social Security numbers and 80,000 bank account numbers, according to the bank. It says it’s offering free credit monitoring and identity theft protection. 
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” says Richard D. Fairbank, Capital One Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
This breach is on the heels of a settlement from the 2017 Equifax breach that exposed the personal data of approximately 147 million U.S. consumers, which is more than half of the adult population in the country, according to Fox Business. 
The bank predicts the incident will cost $100 million to $150 million to fix this year alone.
How to protect your identity
If you are a victim of the breach or want to prevent being one in the future, here are five tips on how to protect your identity:
For more information, check out Debt.com’s in-depth report Dealing with Data Breaches.
1. Identity theft protection. The first step is using the free ID theft protection and credit monitoring being offered. It’s understandable if Capital One has left a bad taste in your mouth.
If that’s the case, you can always sign up for free 24/7 monitoring of your credit report through the credit bureau TransUnion. It may not offer ID theft protection, but you will be notified if someone attempts to open an account in your name.
Working to improve your credit? This tool can help you identify potential errors and make disputes. Try it free for 14 days.
2. Check your credit reports. Legally, you’re allowed to check one credit report from each bureau yearly through AnnualCreditReport.com.
3. Sign up for two-factor authentication. This is just added protection for more peace of mind. There are free apps offered through the Apple App Store or Google Play, like Duo Mobile or Google Authenticator.
4. Freeze your credit reports. Contact the three credit bureaus (Equifax, Experian, or TransUnion) to put a freeze on your credit reports. The hacker has been apprehended, so this may not be necessary. But putting a freeze will stop anyone – including yourself – from opening any accounts in your name.
It used to cost money, but as of last year, you’re now able to freeze your credit reports at no charge.
5. Create a mySocialSecurity account. This is a free service where you can monitor any Social Security benefit claims made using your number. You can create an account here.
If your Social Security number has been compromised and you want to avoid having your information used online, you can choose to block electronic account access. Doing so will stop – even you – from making changes to your personal information through the internet or automated telephone service.
Published by Debt.com, LLC