Capital One contacting those impacted by data breach beginning next week

Capital One sayscustomers impacted by the company's data breach will be contacted by either letter or email.

They will not be calling anyone by phone to notify them if they have been affected. They've warned against givingout any personal information to anyone claiming to be from Capital One if a call is received.

The data breach,announced earlier this week, affected 100 million peoplefrom the U.S. and sixmillion from Canada.

Customer information such as credit card application data, transaction history, contact information, and credit scores, limits and balances were allegedly hacked by software engineerPaige A. Thompson.

Social insurance numbers from approximately one million Canadians werethought to be compromised.

Thompson, who is now in U.S.custody awaiting an Aug. 15 detention hearing, has been charged with one count of computer fraud and abuse in U.S. District Court in Seattle.

Capital One said it's working with authorities from the U.S. and Canada including the Office of the Privacy Commissioner of Canada to "protect affected individuals."

"Unfortunately, it's appalling but not surprising," said Ann Cavoukian, executive director of the Privacy byDesign Centre for Excellence and Ontario's former privacy commissioner.

"Companies are simply under-resourced. They're not devoting the resources required for strong security."

She also said those who had their social insurance numbers and other personal data compromised could be prime victims of identity theft.

Cavoukiansaid Canadians who have a Capital One credit card should check their card history for any suspicious charges. If suspicious charges are found, they should contact Capital One immediately by calling the number on the back of their card.

Capital One allegesthere was afirewall "configuration vulnerability" that was exploited by Thompson, who formerly worked at Amazon Web Services in 2015. AWS hosted the data she allegedly accessed illegally.

"You would think when you're dealing with sensitive data like credit card information, you would give it the highest level of protection," Cavoukian said.

Loss of long-term trust

Saul Klein, dean of the GustavsonSchool of Business at the University of Victoria in British Columbia, said that data breaches like this have a real long-term impact on consumer trust.

Capital One will have togo the extra mile to regain trust in their customers, Klein said.

Being transparent about actions taken since the breach is important, andKlein said the company is doing well given itsmagnitude.

Klein said data breaches are happening more often and he worries that theyare becoming normalized.

As people lose trust, companies will lose business.

"We're living in a world where we're more and more dependent on organizations customizing the way they interact with us, and having data allows them to serve us better," Klein said.

"But at the same time, if our data is not protected we're not going to want to interact with them."