MoneyIf your SIN was stolen in the Capital One breach, getting a new one isn’t easy
Capital One data breach hits about 6 million people in Canada, 100 million in U.S.
Capital One said the breach affected the names, addresses, phone numbers and dates of birth of many millions of people.
A recentthat impacted more than six million Canadian accounts also compromised one million (SIN).
In addition to six million Canadians, 100 million people in the United States were also impacted by the hack.
Additional information stolen included names, addresses, phone numbers, postal codes, email addresses and self-reported income. According to the company, the data stolen in the hack was largely linked to consumers and small businesses that applied for Capital One credit card products between 2005 and 2019.
How to Protect Yourself After the Capital One Data Breach
A data breach of Capital One, the nation’s seventh-largest bank by assets, compromised the personal information of approximately 100 million U.S. consumers and 6 million consumers in Canada, the bank…
If your SIN is stolen, however, it can allow hackers to fill out credit card applications or make large credit purchases in your name, such as applying for a mortgage or a car loan.
What's more, Daveed Gartenstein-Ross, a counter-terrorism scholar and CEO of Valens Global, says that unlike credit card fraud, a compromised SIN is often harder for consumers to detect and address.
Here's how to determine whether your SIN is compromised and what to do about it.
How do you know if my SIN has been stolen?
While credit card fraud will often present itself as a number of repetitive, smaller purchases on your monthly credit statements, the primary way to discover your SIN has been compromised is to request and review your credit report.
Everything Canadians need to know about the Capital One data breach
The recent Capital One data breach has affected about 100 million people in the United States and about 6 million people in Canada. Here's what we know so far about how this will affect Canadians.
By doing this, consumers can see clearly which accounts are currently open under their name, and report this activity to the credit bureaus, Equifax or TransUnion, quickly.
"The danger in having a SIN stolen is that it's used as a basic ID for you across a range of things that you do. A SIN can be used in government to unlock information and get further information to enable identity theft," Gartenstein-Ross explained.
Another day, another data hack — and truth is, there's not much you can do about it
On the heels of several high profile data thefts affecting billions of people, this week's news that Capital One has been breached reveals an ugly truth for consumers: you've been hacked, whether you know it yet or not.
WATCH: Capital One banking breach compromises data of over 100 million people
"Other things your data is being used for are applications for credit cards or applications for loans," he added.
Jeff Thomson, a senior RCMP intelligence analyst with the Canadian Anti-Fraud Centre, says individuals who still receive their credit card statements by mail should take note if these statements stop coming.
"Part of [this form of identity theft] might [be] rerouting your mail or attempting to reroute your mail so that when they start doing spends on these cards, that you're not actually getting the mail for this," he explained.
Privacy commissioner opens investigation into Capital One data breach
OTTAWA — The Office of the Privacy Commissioner of Canada says it is investigating a data breach at Capital One that has affected six million Canadians after receiving complaints from customers. It says Capital One contacted the office about a breach in which personal information, including one million social insurance numbers, had been accessed without authorization. The company has said it would notify affected individuals by letter or email next week but would not telephone customers.
So you think your SIN has been compromised. Now what?
Once you've noticed unfamiliar accounts on your credit report, Gartenstein-Ross says the next step is to request a credit freeze from one of the two major credit-reporting bureaus.
While your first instinct may be to attempt to have your SIN number changed, Gartenstein-Ross says there are a number of things consumers should do before that, first and foremost of which is request a credit freeze.
"I think there's other steps they can go to, to fulfil the same purposes. One of the most important steps to keep oneself safe from the kind of fraud that can occur is a credit freeze," he explained.
A credit freeze allows only a limited number of entities to see your credit-reporting file, including creditors of accounts you currently hold, certain government entities, like child support agencies, and companies that you've hired to monitor your credit file. Consumers have the option to temporarily unfreeze their credit (i.e., when they need to open a new credit account), using a specialized PIN number, Gartenstein-Ross explained.
Will Capital One be held accountable for data breach? In Canada, probably not
The six million Canadians who had their personal information compromised in the Capital One data hack might get some sort of compensation eventually, but they shouldn’t hold their breath, according to industry experts. Unlike in the United States and Europe, where governments have stepped up enforcement and moved to impose massive fines on companies who mishandle personal data, Canada’s laws just aren’t set up that way. In Canada, the
"When you freeze your credit at credit-reporting bureaus, then each time you need to apply for credit like a mortgage or a car loan, you have to use a PIN that lets you unfreeze your credit reporting," he said.
Without being able to access your credit-reporting file, creditors typically won't offer you new credit. According to the, this can be incredibly useful in preventing an identity thief from opening new accounts in your name.
If you do decide to seek a replacement SIN, the process can be complicated.
After reporting a stolen SIN to the police, Canadians need to visit their local Service Canada and bring with them a number of documents to prove they've been a victim of fraud or identity theft.
"Service Canada does not generally go down the road of a new SIN other than in the case of fraud or data breaches, and there's all kinds of complexities involved," Thomson explained. He added that while Service Canada will inform the government of a replaced SIN, it's up to the individual to report this change to any other relevant entities, such as banks, employers and insurers.
with Service Canada include a printout of all the employers who issued a T4 slip for your SIN over the past three years, a clear photograph of yourself which Service Canada will send for verification to these companies to verify your employment, a list of every address where you lived over the last 10 years and proof that you have filed a complaint with the police.
Canadian law firm launches class action lawsuit after Capital One data breach
A Canadian law firm is inviting Canadians affected by the recent Capital One data breach to register for a class action lawsuit. Around six million Canadians and 100 million Americans were affected by the data breach revealed last month. A hacker obtained unauthorized access to the personal information of Capital One customers and those who applied for its credit cards between 2005 and 2019. The breach includes names, addresses, postal codes, phone numbers, email addresses, birth dates and income information. One million social insurance numbers were also compromised.
Is it worth it to replace your SIN?
While it is possible — albeit difficult — to replace your SIN, many experts don't believe it's worth going through the trouble.
"I don't know anybody who has had their SIN or social security number changed successfully," Gartenstein-Ross said.
"There's a lot that goes into changing it, and it isn't clear, given the prospect of more data breaches, that your SIN would be safe for very much longer so, personally, I don't see a need to recommend this."
WATCH: Surveillance video revealed that shows raid on home of the suspect in Capital One breach
He went on to explain that there are other steps individuals can take, such as credit monitoring and requesting a credit freeze, that fulfil the same purposes.
Thomson notes, however, that obtaining a new SIN is the most effective way to find the person trying to use your identity.
"If somebody is going in and using your SIN to try and open up a fraudulent account, that's going to be an automatic red flag because you've got a new SIN attached to your credit report so I do see value in it," he explained.
How can you protect yourself from SIN breaches?
Both Gartenstein-Ross and Thomson agree that the most effective way to protect your SIN card against identity theft is to regularly monitor your credit reports and be cognizant of any new accounts you don't recognize.
Gartenstein-Ross additionally says that individuals who want to be extra cautious are advised to request a credit freeze ahead of realizing their SIN has been stolen to prepare for potential future breaches as well.
Ontario woman files suit on behalf of Canadians affected by Capital One data breach.
TORONTO — A prominent Ontario personal injury law firm has filed a class action on behalf of Canadians affected by the massive Capital One data breach that disclosed on July 30. Diamond & Diamond's suit seeks compensation for Canadians who applied for credit cards from Capital One between 2005 and 2019. "This data breach could have very serious ramifications for those affected with regards to their future finances," said Jeremy Diamond, managing partner at the firm, in a statement. The suit's representative plaintiff is Rina Del Guidice of Bolton, Ont., who obtained a Costco Wholesale MasterCard through Capital One.
How Hackers Really Crack Your Passwords
How do computer hackers figure out our passwords? Learn about the techniques they use to crack the codes, and what systems protect us. Building Digital ...