Capital One data hack puts financial advisers on high alert

The data breach at Capital One Financial involving more than 100 million people in the United States and Canada has given financial advisers a new reason to remind their clients about the need to take identity protection measures seriously.

Monday’s announcement by Capital One that a Seattle-based hacker had accessed the company’s servers and obtained personal information on millions of credit card holders and applicants should remind consumers of the “new normal,” said Darin Shebesta, an adviser at Jackson Roskelley Wealth Advisors.

“You need to be paying attention because our information is all over the place and this kind of thing is bound to happen,” Mr. Shebesta said. “This is now the world we live in, so get used to it.”

A big part of dealing with various cybersecurity risks is building sturdy walls as a defense mechanism.

Mr. Shebesta tells his clients to freeze their credit at all three major consumer credit reporting agencies: Equifax, TransUnion and Experian. That makes it harder for thieves to open lines of credit in someone else’s name.

He also recommends regularly checking credit scores, monitoring credit card statements and subscribing for free to Credit.com, which both monitors credit activity and provides direction on improving credit scores.

Ryan Marshall, a partner at ELA Financial Group, stressed that nothing is too basic when it comes to cybersecurity protections.

“People should not use the same password over and over, even though it is easier to remember,” he said. “You should actually have passwords that make no sense with letters, symbols and digits. Lastly, turn on two-factor authentication when possible, which sends you a text message to verify who you are.”

Daniel Markuson, digital privacy expert at NordVPN, said advisers whose clients who might have been compromised by the Capital One hack should have them log on to their account and change the password, then check for additional security measures that can be taken, such as multifactor authentication.

Clients whose personal information might be involved should also freeze their credit through credit reporting agencies, place fraud alerts on credit reports, closely monitor their credit card statements and report any unusual activity, and avoid email phishing scams, Mr. Markuson said.

According to Capital One, no credit card numbers or passwords were compromised. But the alleged hacker, 33-year-old Paige Thompson, was able to access a host of sensitive information, including credit scores, account balances, contact information, some Social Security numbers and bank account links.

Cybersecurity expert Tim McSherry, managing partner at EverSec Group, said consumers and financial advisers should use this data breach as a wake-up call to be vigilant when it comes to protecting personal financial information.

“When this can happen to an entity like Capital One that has a reputation for making lots of investments in cybersecurity, it shows that regardless of the size and scope of the organization, everyone is a target,” he said. “We’re under attack whether we know it or not.”

With that kind of unfortunate reality in mind, financial services industry representatives are once again driving home reminders to clients.

“Our advice for anyone that thinks they may have been impacted is not to wait for Capital One to notify you but to immediately change your passwords across any accounts where you might have used the same login details as Capital One,” said Richard Gold, head of security engineering at Digital Shadows, a provider of digital risk protection solutions.

“Never use the same password for different accounts and use a password manager to store the information,” Mr. Gold added.

Vance Barse, wealth strategist at Manning Wealth Management, said that even though cybersecurity is typically tied to personal financial data, helping clients calmly shore up their defences can be a way for “advisers to step up to the plate to show value that isn’t dollar-sign related.”

“The Capital One data breach serves as a great, yet painful, reminder that it’s important for clients to ask financial, insurance, educational and other institutions what security measures they have in place to help prevent such violations,” Mr. Barse said. “Given that the Capital One breach is front of mind, now is a great time for clients to inquire how their institutions will assist them in the unfortunate event that their confidential data is compromised. It’s also a great time for advisers to educate clients on the information security and best practices their institutions have in place.”