Not a Capital One customer? Your personal information could still have been hacked

A Scarborough man whose application for a Capital One credit card was denied 12 years ago said he was “terribly upset” after he got a letter from the company saying his personal information had been breached in a cyber-attack.

About 106 million Capital One customers and applicants had their personal information exposed last month in a data breach including about six-million Canadians. What surprised many people is that some were affected by the hack even though they were not Capital One customers. 

Oliver Williams said he had heard about the data breach at Capital One, but was not concerned as his application for a credit card had been denied.

“I was glad my application was denied, because I thought I wouldn't be affected by it , but now I am, very much so," he said. 

A company spokesperson told CTV News Toronto that it keeps historical data for safety reasons, for stress testing and for statistical credit modeling. 

"We sincerely apologize to those impacted by this incident. We are providing two years of free credit monitoring and identity theft insurance from Transunion to everyone impacted, " the spokesperson said.

Williams said knowing his personal information has been compromised has made him “very, very irate and terribly upset." 

He also said that he believes it’s wrong for a company to keep personal information if you’re not their customer. 

“I definitely would like the information that I gave them to be withdrawn or sent back to me or shredded,” Williams said.

Williams said he'll likely now accept Capital One's offer to monitor his credit, but he feels everyone should know that if you apply for a credit card and do not get it, the company may still keep your personal information on file. 

Capital One said it believes the hacked information has not been used for fraudulent purposes.

“We began directly notifying Canadians affected by the cyber incident by email on August 7, 2019, and will continue our process of notifying affected individuals by email or mail over the coming weeks,” according to the Capital One website.

Customers can also call the company directly to check on account.

In the event of a data breach, customers should be cautious of texts, emails and phone calls from scammers posing as employees. Customers should also monitor their accounts for fraudulent activity and watch credit card and banks statements carefully for unexpected charges.