Another massive data breach, this time coming out from Capital One.

I have to admit that I’m not sweating over this data breach.  It’s not that I don’t care.  I think privacy and data security is important, so much so that I had previously wrote about Equifax data breach, Cambridge Analytica (Facebook), and ways to safeguard your data.

But, here’s the thing:  Once there is a data breach, it’s already too late.  Your data is a sitting duck out in the wild. Sure, there are some basic things you can do, but worrying about it just isn’t one of them.

What Should You Do?

When I experienced my first data breach (T-Mobile), I did everything I reasonably could to put my credit into a “safe” place:  I requested a credit “lock”, which is less stringent than a credit “freeze”.  I activated the provided credit monitoring service.

The Equifax data breach was worse because Equifax is one of the 3 major credit monitoring agencies out there. This ensured that virtually anyone who had ever applied for credit likely had their data compromised.  (Note: You can now file file an Equifax claim if you are eligible, but just don’t count on being able to get up to the full $125 from that claim.)

I didn’t have to do anything since I had some basics in place:

  • Credit monitoring:  Monitor for new account activities. If you are looking for a free option, Credit Karma comes to mind.
  • Account activity alerts:  Set up notification alerts.

Anyone could become a victim of identity theft.  Having these basic monitoring would at least alert you quickly enough if there are unusual activities.  If you don’t have them in place, consider setting them up.


It’s not ideal that these massive data breaches are still happening.  I hope these data security breaches (and class action lawsuits) are wake-up calls to companies to shore up their security practices.

Separately, I ran into this scenario a few times over the years.  Some places (e.g. dental offices or eye doctor’s offices) may have outdated practices of collecting your SSN on their forms.  Generally, if you have insurance or if you are paying out of pocket, the SSN is not required for billing purposes.  Some companies may also want to get a copy of your ID when it’s not necessary.

My advice:  If you don’t have to provide sensitive data where it’s not needed, don’t.  It’s just one less place where your data could be compromised.

Any other tips or advice for other fellow readers?