Capital One Data Breach and Cybersecurity

August 12, 2019

The Current Risk

You’ve likely read the news stories about the Capital One data breach that was detected last month. While this is not the first global company to have its data compromised, it is noteworthy in its scale: nearly 106 million of the bank’s customer and applicant accounts were affected. This recent incident comes about a week after Equifax announced a settlement over its 2017 data breach, which affected about 143 million people. While these occurrences are a constant risk in the current landscape, they remind us of the importance of taking proactive steps to safeguard our personal and financial information.

Whether or not you are a Capital One customer, here are some actions we advise you to consider taking to protect your personal data and accounts:

  • Use strong passwords and employ two-factor identification when possible—modify your account settings to require a one-time code be texted to you every time you log into your account.
  • Monitor your bank accounts frequently and document everything—maintain copies of expenses and records of your conversations related to any bank accounts.
  • Set up fraud alerts—these alerts will notify you if someone tries to apply for credit in your name. This may be the best course of action for individuals who are considering a large purchase or business commitment that may require the use of credit in the near future. Rather than contacting each credit agency, you can place a fraud alert with one company and they will notify the other two bureaus to extend the alerts in your name.
  • Check your credit report—all Americans are entitled to one free credit report every year from all three major reporting agencies, accessible at annualcreditreport.comPlease remember that your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it.

The Broader Issue: The Rise of Cybercrime and the Importance of Cybersecurity

The overarching issues raised by the Capital One data breach are the very real and growing threats of cybercrime and identity theft. Reported cybercrimes cost victims over $2.7 billion in monetary damages in 2018, according to the FBI.

As a registered investment advisor and fiduciary to our clients, Litman Gregory is bound by our fiduciary standard to put our clients’ needs first. Among other responsibilities, that means making sure our clients, and their confidential financial information that we hold, aren’t put at risk of scams, phishing, and a multitude of other techniques employed by cybercriminals.

In addition to regularly reviewing our cybersecurity policies and ensuring we are following best practices, we continue to work with a cybersecurity consultant to find new ways to protect our internal data as well as our clients’ privacy. If implemented correctly, proper controls can prevent 95% of external fraud. Some of the common tactics include:

  • Fraudsters hacking into email accounts, and then sending emails that appear to be from the email owner requesting money transfers, wires, etc.
  • Fraudsters requesting a transfer of account assets online, often to an alternate account where the fraudster has been able to gain access.

In each instance, the fraudster attempts to impersonate someone electronically, thanks to the success of a “phishing” expedition into his or her personal emails and contacts. Sometimes this phishing is accomplished by luring someone into revealing personal information, either by email, through a copy-cat website, or over the phone.

We also suggest doing the following to help protect yourself against these and other fraudster tactics:

  • Always double check the address from which an email originated, and be wary of clicking through emailed links and opening unexpected attachments, as these can invite a fraudster through to your computer.
  • Don’t check financial accounts while on publicly accessible networks or computers because your keystrokes (and therefore passwords) can be monitored by cybercriminals.
  • Be willing to make financial requests or provide verbal confirmation for such requests over the phone with your advisor and/or custodian, appreciating that this secondary step helps keep your information safe.

For many years at Litman Gregory, we have aided clients as they navigate the threats of cybercrime and protect themselves from attempted security breaches. Unfortunately, as the recent breaches indicate, cybercrime is on the rise and becoming more sophisticated. Looking ahead, we will continue to be on our guard and stay abreast of new ways that we, and our clients, can work to protect their identity and finances.

Do you have questions about how we protect client accounts or the steps you and your family can take to better protect yourselves and mitigate risk? Please call your Litman Gregory Advisor or contact us here.


This report is solely for informational purposes and shall not constitute an offer to sell or the solicitation to buy securities. The opinions expressed herein represent the current views of the author(s) at the time of publication and are provided for limited purposes, are not definitive investment advice, and should not be relied on as such.

Helpful Insights