Capital One was formed in 1988 by Morris Nigel and Richard Fairbanks in McLean Virginia. The company has grown exponentially since its inception and now employs over 40,000 people within its 755 branches. In 1996 the company expanded its reach to include Canada and the United Kingdom. This expansion gave the company access to a growing international credit card market and by 1997, the company held over $10 billion in credit card receivables, while providing financial services to nearly ten million customers all over the globe.
By the late 1990’s, Capital One made the move from offering traditional credit cards with attractive teaser rates, to offering a diverse selection of credit card products to address the diverse needs of an evolving consumer base. The company was one of the first to offer secured credit cards. The entry into the secured card market led to the establishment of Capital One FDB, which gave the company the ability to lend on secured cards and offer financing for auto installment loans. By 2016, the company was the third largest issuer of credit cards and auto loans in the United States.
Capital One’s growth strategy did not stop at secured credit products and auto loans. The company sought out to buy smaller banks and offer home loans with a goal to reduce its dependency on the credit market. Its participation in the home loan industry was cut short by the housing crisis. During the crisis, the company received billions from the US Treasury through the Troubled Asset Relief Program and closed the newly formed mortgage division due to significant losses. The money from the US Treasury was just a loan and the company paid the funds back in exchange for company stock. Although home loans are no longer offered, other banking services are serviced through Capital One 360. Capital One 360 offers traditional banking services such as saving, checking, and money market accounts. In 2017, the bank’s commercial banking division expanded its banking services to include depository services, commercial loans, and wealth management. Its private wealth management and banking division caters to the financial needs of individuals with high net worth.
On July 19, Capital One experienced a mass hacking attack which led to one of the largest data breaches to date. The hacker, Paige Thompson, was successful at gaining access to more than 100 million credit card applications and customer accounts. Thompson previously worked as a software engineer for Amazon Web Services, the cloud hosting company that Capital One currently contracts with. The breach was revealed when a subscriber to GitHub contacted Capitol One and informed them that data had been leaked and that their consumer’s private information was at risk. Thompson’s was able to tap into a mis-configured firewall in a web application. As a result of the hacking, American social security numbers and Canadian social insurance numbers were exposed. It is believed that customer’s personal information including addresses, credit card balances, and credit scores were also revealed in the hack. In the criminal complaint filed against Thompson, it says that she attempted to share the information online.
According to Capital One, the breach may also include the information of consumers who applied for credit services. The applications may date back as far as 2005. The company, in an attempt to calm consumer fears, claims that the application’s vulnerability has been addressed and does not believe that the information was used for fraud. The investigation is ongoing and so far it is believed that there were no log in credentials or full account numbers revealed.
A lawsuit was filed against Capital One and Amazon Web Services in response to the breach. The data breach has also led to multiple lawsuits claiming that the company failed to protect the privacy and security of consumers’ personal data. There was a lawsuit filed in a Seattle Federal court names Amazon as a defendant. The suit claims that Amazon had knowledge of the vulnerability and did not take the necessary steps to address it.
In response to the hack, Capital One has already or will notify all who appeared to have been affected by the breach. Customer should expect to receive a letter that outlines the details of the hack and advisement on how to monitor their credit. Consumers who were affected by the data breach should have heard from Capital One the week of August 5 and will have an opportunity to take advantage of free identity protection and credit monitoring services. Capital One anticipates that the breach will cost the company upwards of $150 million. These costs will include notifying customers, free credit monitoring offers, legal support, and tech costs. Unfortunately, the breach may awaken opportunists hoping to capitalize on the event. Customers must be aware that there may be scammers posing as bank representatives looking to retrieve personal and credit information.
To stay ahead of potential fraud, it is advised that customers keep an eye out for fraud by monitoring their credit reports. In addition to the free services offered by the company, customers can obtain one free credit report each year from the three major credit bureaus. When reviewing the credit report, look for any unfamiliar inquiries and new lines of credit. When selecting a credit monitoring service, select a company that consistently monitors credit report activity and immediately sends alerts of changes. If fraud is suspected, a fraud alert can be set up through the monitoring service directly with the credit bureau. Once the alert has been activated, creditors will be notified that the consumer may have been a victim of fraud and that will trigger the creditor to place a hold on an application or require additional verification for credit offers and line increases. Placing an alert on a credit profile will not affect the credit score.
Another option in addition to placing a fraud alert on a credit profile is to freeze credit access altogether. By placing a freeze, creditors can not access the credit profile to extend offers of credit and loans. If a consumer wishes to apply for credit, they will have to contact the credit bureaus to have the freeze temporarily lifted. With technology today, you may be able to freeze and unfreeze through a secure app or account through the 3 credit bureau’s. You will have to do each one separately. Keep in mind, there are free options as well such as Credit Karma and other companies where you can also keep a keen eye on your personal credit profile. Remember, if you see something on your credit report that just doesn’t add up or you do not remember, take action and let the banking institutions as well as the credit bureau’s know what is going on and when it happened. Sooner than later is recommended.
References:
“Amazon and Capital One face legal backlash after massive hack affects 106M customers” GeekWire.Com. August 9, 2019, https://www.geekwire.com/2019/amazon-capital-one-face-lawsuits-massive-hack-affects-106m-customers/. Accessed August 15, 2019
“Capital One Financial Corp” Corporate Finance Institute. Undated, https://corporatefinanceinstitute.com/resources/careers/companies/capital-one-financial-corp/. Accessed August 13, 2019
“A hacker gained access to 100 million Capital One credit card applications and accounts” CNN.Com. July 30, 2019, https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html. Accessed August 11, 2019
