Capital One Breach

/in /by

Capital One in Queens, NYC, NY

Capital One has announced that nearly 106 million customer accounts and credit card applications have been compromised.

Breach announced: August 4, 2019

Breach Period: 2005-March 23, 2019

Description of the breach: Capital One has announced that many of their customers’ Social Security numbers, Canadian Social Insurance numbers, bank account numbers, names, addresses, credit scores, credit limits, and account balances have been compromised. No log-in credentials were exposed in the breach.

It is believed that the breach occurred March 22-23, 2019. This massive breach affected credit card applications and accounts dating as far back as 2005. Individuals whose Social Security number or account numbers were compromised can expect to receive a letter in the mail from Capital One soon.

Capital One is offering free credit monitoring and identity protection to everyone that is impacted by this breach.

Capital One’s breach hotline: 1-800-227-4825

Capital One’s explanation of the breach: Link 

More coverage of this breach: CNN and CNet

Equifax settlement: Beware of fake settlement offers!

/in /by

tablet viewing credit score

UPDATE: Due to the small size of Equifax’s settlement fund, victims may receive less than the promised $125 cash settlement. NCL is now recommending that consumers take advantage of the free credit monitoring option.

While the Equifax breach is not new, the announcement of an FTC settlement fund could create an environment ripe for scammers to take advantage of Equifax breach victims. As you look into your rights, make sure you only file a claim through the Federal Trade Commission (FTC) and the official Equifax breach settlement page 

Background of the breach and settlement: In September 2017, Equifax announced one of, if not the largest and most damaging data breaches in history which compromised the personal information of 147 million Americans. Last week, the Federal Trade Commission announced a settlement fund which will help breach victims protect themselves from identity theft and repay victims for expenses they have encountered from the breach. 

You can find out if you are a victim of the Equifax breach by clicking here. 

Under the terms of the settlement, Equifax breach victims can choose between:  

4 years of credit monitoring with all 3 credit bureaus (Experian, Equifax, and Trans Union) 

  • The 4 years of credit monitoring includes a $1,000,000 identity theft insurance policy 
  • In addition to the 4 years of monitoring with all 3 credit bureaus, this option provides an additional 6 years (a total of 10 years) of free credit monitoring of your Equifax report 

OR 

A cash settlement of less than $125 cash if you already have credit monitoring of some kind. 

  • NCL recommends to avoid this option and take advantage of the free credit monitoring. Because of the popularity of the cash settlement option, and the limited amount of funds Equifax has set aside to pay it out, it is very likely that victims who choose this option will receive much less than $125.  
  • Victims who have already selected the cash settlement option, may change their decision and opt for free credit monitoring by emailing the settlement administrator at: info@EquifaxBreachSettlement.com  

In addition, victims will be provided access to a compensation fund that will compensate victims for things like: 

  • Time spent dealing with the breach ($25 per hour up to 20 hours) 
  • The cost of freezing or unfreezing your credit report 
  • Costs incurred for credit monitoring 
  • Fees you paid you’re your attorney or lawyer for breach related work 
  • Other miscellaneous fees related to dealing with the breach such as notary fees, postage, millage and phone charges. 

To learn more about the breach compensation fund, check out: 

If you have additional questions you can contact the Equifax administrator by: 

  • Calling 1-833-759-2982 
  • Emailing info@EquifaxBreachSettlement.com 

Quora Breach

/in /by

Screenshot of the website Quora's login page.

Quora, the crowdsourced question and answer website has announced that 100 million user accounts have been compromised. 

Breach announced: December 3, 2018

Description of the breach: The popular question and answer website Quora, has announced that 100 million of its users may have had their account information compromised. The breach is believed to have compromised users’ names, email addresses, encrypted passwords, any data users may have authorized Quora to import from other platforms, content they may have published including questions, answers, comments, and upvotes. In addition, the breach is also believed to have compromised users nonpublic content actions like direct messages, and down votes.  

All Quora users should change their Quora account password along with any other accounts where they may have used that password. In addition, consumers should be on the lookout for phishing emails. In the aftermath of breaches, scammers often employ phishing attacks on breach victims to trick them into disclosing more information. It is important to never click on links or attachments found in suspicious looking emails and to go directly to Quora’s website to change your account password.

Quora blog posting announcing the breach: Link

More coverage of this breach: NBC News and New York Times

Marriott Starwood Breach

/in /by

Marriott and Starwood properties have announced that the personal data of up to 500 million of their customers has been compromised.

Breach announced: November 30, 2018

Description of the breach: Marriot International, which includes many popular hotel brands such as, Sheraton, and W Hotels, announced that the data of up to 500 million of their guests had been compromised. The breach, which occurred from 2014 to September 10, 2018, compromised consumers’ names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences. For some, the information also included encrypted payment card numbers and payment card expiration dates.

Customers who stayed at a Starwood property should closely monitor their financial accounts, change their Starwood Prefered Guest passwords along with any other accounts where they may have used that password, and monitor their Starwood preferred guest account for suspicious activity.

Data breach period:  Customers with additional questions that are located within the United States should call Marriott’s data breach support hotline at: 877-273-9481

Data breach period:  2014 to September 10, 2018

Facebook Newsroom security update: Link

More coverage of this breach: NBC News and Washington Post

Facebook breach

/in /by

Facebook has announced that 50 million accounts may have been breached. While Facebook does not currently know whether any personal data had been accessed by hackers, or if the breach allowed hackers to take over accounts, Facebook does acknowledge that it is possible and that it is looking into it.

Breach announced: September 28, 2018

Description of the breach:  On September 28, Facebook publicly acknowledged that nearly 50 million user accounts had been compromised. While it is not currently known who accessed, or to what extent user data was compromised, Facebook is continuing to investigate. In the meantime, to safeguard user accounts facebook has reset 90 million user accounts which will require these users to log back into their accounts.

Data breach period:  Prior to August 20, 2018

Facebook Newsroom security update: Link

More coverage of this breach: Variety and CNBC

T-mobile breach – Fraud.org

/in /by

T-Mobile has announced that hackers have stolen the personal data of around 2 million of its customers. While passwords, credit card numbers, and Social Security numbers were not stolen, personal information including usernames, billing zip codes, phone numbers, email addresses, account numbers, and whether customers prepaid or postpaid their accounts has been compromised.

Description of the breach: Around 2 million of T-Mobile’s 74 million customers have had their personal information compromised. While T-Mobile was able to regain control of its system, many of its users have had personal information like their name, billing zip code, phone number, email address, account number, and whether they prepaid or postpaid breached. Fortunately in this attack, hackers did not access users passwords or Social Security numbers.

T-Mobile has promised to finish reaching out to all affected users shortly. Customers with questions or concerns should contact T-Mobile by dialing 611 from their T-mobile device, or chatting with the company through the T-mobile App.

Data breach period:  Prior to August 20, 2018

T-Mobile’s letter to customers: link

More coverage of this breach: The Verge and ABC News

Panera breach – Fraud.org

/in /by

Panera Bread has acknowledged that their online ordering system was the subject of a data leak. Customer information including names, email addresses, home addresses, birth dates and the final four payment card digits was compromised. The breach was first discovered in August 2017 and was fixed in April 2018.

Description of the breach: Security researchers estimate that more than 7 million Panera Bread customers have had their ordering data compromised. Individuals who ordered online, or used MyPanera over the past 8 months are likely to have had their names, email address, physical address, birthday, ordering habits, food preferences, and last four digits of their payment card compromised.

While Panera Bread disputes the size of the breach, users of Panera Bread’s online ordering system should be on the lookout for phishing emails. Due to the type of data that has been compromised fraudsters will be able to incorporate data such as past order historys, to lure victims into clicking malware-laden links or into divulging information like their full credit card number. In the coming days, Panera bread customers should be particularly wary of suspicious emails, and avoid clicking on links questionable links.

Data breach period: Prior to August 2017 to April 2018

More coverage of this breach: Krebs on Security and Fortune

Saks Fifth Avenue / Lord and Taylor breach – Fraud.org

/in /by

On April 1, 2018, Lord & Taylor and Saks Fifth Avenue announced that their luxury clothing stores were the subject of a data breach. The data breach is believed to have compromised 5 million customers’ payment card information. Shoppers who used a credit or debit card at any retail location between  May 2017 and April 2018 are likely to be affected.

Announced: April 1, 2018

Description of the breach: Luxury clothing retailers Lord & Taylor, Saks Fifth Avenue, and Saks OFF 5th announced that they were the subject of a data breach. The breach is thought to have compromised 5 million credit and debit card numbers. The breach is believed to have affected all Lord & Taylor, Saks Fifth Avenue and Saks OFF 5th North American locations.

Customers who were affected have or will likely receive communications from their banks with instructions on what to do in the following days.  In the meantime, customers of Lord & Taylor, Saks Fifth Avenue and Saks OFF 5th, should monitor their credit and debit card statements and report any unauthorized activity immediately to their financial institution.

Data breach period: May 2017 to April 2018

Saks 5th Avenue data breach hotline:  1-855-270-9187

Official statement and F&Qfrom Saks 5th Avenue: https://www.saksfifthavenue.com/include/aem/aem_static.jsp?page=security-information-notice&site_refer=EML

More coverage of this breach: Reuters and Fortune

MyFitnessPal breach – Fraud.org

/in /by

The fitness and diet tracking app, MyFitnessPal, recently announced that it was the subject of a 150 million account data breach.

Announced: March 29, 2018

Description of the breach: On March 29, 2018, the fitness and health tracking application, MyFitnessPal, informed its users that they were the subject of a 150 million account data breach. While personal information like step count, diet, and payment information is not believed to have been compromised, usernames, email addresses, and passwords were affected by the breach.

MyFitnessPal users should immediately change their passwords. In addition, users should be on the lookout for phishing attacks and remember that legitimate communications from MyFitnessPal about this issue will never request users to click on a link, or download a file. MyFitnessPal has encouraged users go to its website to update their account information. If you receive an email from MyFitnessPal about this data breach and it asks you click on a link or download a file, it is a phishing attack.

Data breach period: February 2018

Myfittnesspall’s FAQ webpage: https://content.myfitnesspal.com/security-information/FAQ.html

More coverage of this breach: The Verge and CNBC

Orbitz breach – Fraud.org

/in /by

The travel booking website Orbitz announced that 880,000 payment cards were hacked in a breach that spanned almost two years.

Announced: March 20, 2018

Description of the breach: On March 20, 2018, the online travel booking site Orbitz warned customers that 880,000 credit and debit cards used on its website had been compromised. In addition to the payment card information, the names, birth dates, phone numbers, and email and billing addresses of their customers are also believed to be compromised. Travel itinerary details, as well as passport and Social Security numbers, are not believed to have been subject to the breach.

Customers who shopped at Orbitz between January 2016 and December 2017 should closely monitor their credit and debit card statements. It is important to report any unauthorized or suspicious charges to your financial institution immediately. In the coming days, Orbitz says it will notify those who were affected by the breach and will offer the, free credit monitoring services for one year. Customers that are unsure if they are victims, or if they are interested in the free credit monitoring offer, should contact Orbitz’ data breach assistance line.

Data breach period: Jan. 1, 2016 and Dec. 22, 2017

Orbit’s data breach assistance line phone number: (855) 828-3959

More coverage of this breach: Wall Street Journal and Reuters

NCL’s Programs

NCL-logo

Fraud.org is a project of
The National Consumers League.

info@nclnet.org
(202) 835-3323

1701 K St NW
Suite 1200,
Washington, DC 20006

© Copyright 2025. All rights reserved.