Capital One contacting those impacted by data breach beginning next week

Capital One says customers impacted by the company's data breach will be contacted by either letter or email.

They will not be calling anyone by phone to notify them if they have been affected. They've warned against giving out any personal information to anyone claiming to be from Capital One if a call is received.

The data breach, announced earlier this week, affected 100 million people from the U.S. and six million from Canada. 

Customer information such as credit card application data, transaction history, contact information, and credit scores, limits and balances were allegedly hacked by software engineer Paige A. Thompson.

Social insurance numbers from approximately one million Canadians were thought to be compromised. 

Thompson, who is now in U.S. custody awaiting an Aug. 15 detention hearing, has been charged with one count of computer fraud and abuse in U.S. District Court in Seattle.

Capital One said it's working with authorities from the U.S. and Canada including the Office of the Privacy Commissioner of Canada to "protect affected individuals."

"Unfortunately, it's appalling but not surprising," said Ann Cavoukian, executive director of the Privacy by Design Centre for Excellence and Ontario's former privacy commissioner. 

"Companies are simply under-resourced. They're not devoting the resources required for strong security." 

She also said those who had their social insurance numbers and other personal data compromised could be prime victims of identity theft.

Cavoukian said Canadians who have a Capital One credit card should check their card history for any suspicious charges. If suspicious charges are found, they should contact Capital One immediately by calling the number on the back of their card. 

Capital One alleges there was a firewall "configuration vulnerability" that was exploited by Thompson, who formerly worked at Amazon Web Services in 2015. AWS hosted the data she allegedly accessed illegally. 

"You would think when you're dealing with sensitive data like credit card information, you would give it the highest level of protection," Cavoukian said.

Loss of long-term trust

Saul Klein, dean of the Gustavson School of Business at the University of Victoria in British Columbia, said that data breaches like this have a real long-term impact on consumer trust. 

Capital One will have to go the extra mile to regain trust in their customers, Klein said.

Being transparent about actions taken since the breach is important, and Klein said the company is doing well given its magnitude.

Klein said data breaches are happening more often and he worries that they are becoming normalized. 

As people lose trust, companies will lose business.

"We're living in a world where we're more and more dependent on organizations customizing the way they interact with us, and having data allows them to serve us better," Klein said.  

"But at the same time, if our data is not protected we're not going to want to interact with them."