The Office of the Privacy Commissioner of Canada says it is investigating a data breach at Capital One that has affected six million Canadians after receiving complaints from customers.
It says Capital One contacted the office about a breach in which personal information, including one million social insurance numbers, had been accessed without authorization.
The company has said it would start to notify affected individuals by letter or email next week but would not telephone customers.
It says people receiving calls from someone claiming to be from Capital One should not provide any information, including account information or social insurance numbers.
The breach also exposed the data of roughly 100 million U.S. clients, including about 140,000 Social Security numbers and 80,000 linked bank account numbers.
In addition to credit card application data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.
Editor’s Note: This is a corrected story. An earlier version failed to state that notification will start next week.