TORONTO — Credit card company Capital One Financial Corp. has announced a major data breach that has compromised information from about six million Canadians, including social insurance numbers for about a million customers.
Here’s what you should do if you think your data may have been compromised:
First is to try and determine if your data has been stolen or used by hackers.
Capital One says it will notify affected customers through a variety of ways, but doesn’t specify how. It does, however, note that it won’t call individuals about it so be wary of any calls about the breach. Also be on guard for emails about it that ask for information or contain links to websites.
While waiting for word from Capital One, you should check your financial accounts for any unusual activity, and consider signing up for alerts to track activity in your financial accounts.
If you notice any suspicious activity, the Canadian government recommends you immediately report it to the police, contact the Canadian Anti-Fraud Centre, and inform Service Canada. You should also report the activity to your bank and creditors by phone and in writing.
You should also sign up for monitoring services from Equifax and TransUnion, which Capital One says it will provide for free to everyone affected.
Capital One says no credit card numbers were compromised in the breach, but you could consider asking for a new card and number, or even close your account.
The federal government, however, does not issue new social insurance numbers if they’re lost or stolen. It may issue a new SIN if there is proof that it was used fraudulently.
Customers in the United States also have the option of putting a freeze on their credit reports, but that’s not an option in Canada.
Even if your data isn’t compromised, the incident is a good reminder to review your personal data practices, including a review of your online accounts and a possible updating of passwords.
Remember that you don’t need to give out your social insurance number when applying for a credit card. In the private sector, you only need to give out your SIN to your employer for income tax and benefits and to financial institutions for accounts that pay interest.