Approximately 100 million people in the United States and 6 million more in Canada are affected, the company said, with about 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers compromised.
If you're a Capital One customer worried about your data, there are immediate steps you can take to safeguard your personal information, experts say.
Here's what you should do.
First off, "get ready to spend some time and energy," to make sure everything's in order, said Erica Sandberg, a consumer finance expert based in San Francisco.
The bank says it will notify everyone who was affected by the breach, and offer them free credit monitoring and identity protection services.
Take advantage of those services.
Check your accounts now
Look over your credit card and banking statements, and report any suspicious activity to the bank as soon as possible.
"If you find suspicious activity on your credit card, banks like Capital One allow you to freeze your card so that purchases can no longer be made," said Sara Rathner, a credit card expert at personal finance website NerdWallet.
"You can do this easily on the Capital One app or online."
Some experts suggest being extra cautious to avoid potential future hacks.
"Change your passwords on all accounts," said Sandberg. "Yes, again."
Freeze your credit
Taking this step means that no one will be able to access your credit reports without your permission. In other words, if someone tries to take out a loan in your name, banks can't review your report so they won't authorize the credit.
"This can be done for free online through each of the three main credit bureaus: Experian, Equifax [and] TransUnion," said Rathner.
Just be aware that it could lead to inconveniences, too.
"You can unfreeze it for your own applications but there will be a short delay. If you're buying a home, vehicle, or applying for a loan or credit card, give yourself time to work on this," said Sandberg.
"A lender or business won't be able to gain entry to your credit file until you unfreeze it."
Cybersecurity attacks happen all the time, but there are some best practices that could help protect your information in the future.
The key is staying vigilant, experts say.
One way to do that is to sign up for a credit monitoring service, if you're not offered one by the bank and are still worried.
You could also check your credit reports yourself to make sure fraudulent accounts haven't been opened in your name — and flag any reported balances that don't match up to your statements, said Rathner. Do this at least once every quarter.
Another option is to request notifications about activity on your accounts from banks and other service providers. "If the companies offer activity alerts via text or email, it may make sense for you to sign up for them," writes cybersecurity giant Norton by Symantec.
Watch out for scams
"Don't respond to phone calls or emails from creditors," warns Sandberg. "Call them using the phone number you find on the legitimate website."
Also, check that you're only visiting secure sites when browsing the web. "Reputable sites begin with https://. The "s" is key," says Norton by Symantec. "This is especially important when entering credit card or other personal information."
Lastly: Remember this could happen to anyone, anywhere.
"There are countless hacks going on all the time. We just don't hear about them because they're smaller, and the lenders and security teams tend to catch them before damage is done," said Sandberg.
"I'm a Capital One cardholder and will be doing all of this."