What’s in your wallet? Possibly a compromised credit profile. Capital One announced Monday that more than 100 million people in the U.S. and 6 million in Canada have been affected by a data hack that’s left their personal and financial information vulnerable.

According to MarketWatch, the hackers were able to secure credit scores, ZIP codes, email addresses, and birth dates of Capital One card members and applicants. Worse, roughly 140,000 Social Security numbers were nabbed. So were about 80,000 bank account numbers.

The company acted in concert with the FBI to investigate the hack, which Capital One says it first discovered on July 19. A suspect, Paige A. Thompson, was arrested in Seattle and charged with one count of computer fraud and abuse. At this point, Capital One has no indication the data has been used for fraudulent purposes, but there’s no way of knowing if that could change.

The company intends to reach out to cardholders affected by the crime to notify them of the hack and to offer two years of free credit monitoring, which has become the standard gratuity for companies trying to address the shaken faith of consumers. Recently, Equifax agreed to a settlement with the Federal Trade Commission (FTC) that would give consumers affected by their 2017 hack free credit monitoring or up to $125, with the option of claiming another $250 to $500 for time spent resolving fraud issues or identity theft as a result of compromised personal data.

If you’re concerned your information might be used for identity theft, it’s best to monitor your credit reports or cards for suspicious activity. If your bank account was compromised, notify your banking institution. You can also opt to “freeze” your credit profiles from the three major credit bureaus: Equifax, Transunion, and Experian. Freezing the reports prevents any business from checking them and makes opening new accounts impossible. If you want to open an account or take out a loan, however, you’ll need to unfreeze the reports.

[h/t MarketWatch]