In what is one of the biggest thefts of bank data ever, more than 100 million Americans had their personal information compromised after a software engineer in Seattle hacked into a server holding customer information for Capital One. 

Capital One, which is based in McLean, Virginia, apologized for the breach and said that more than 100 million people in the U.S. could have had their personal information exposed, including names, addresses, dates of birth, credit history, social security numbers, and bank account numbers.

Virginia Attorney General Mark Herring warned Virginia consumers to be vigilant, saying “millions of Virginians may have been impacted” and even those who did not bank with Capital One should watch for any suspicious activity.

“If you think you have been a victim of identity theft please contact my office immediately. We do not know the scope of the damage created by this data breach yet, but I will monitor the situation and keep Virginians updated,” Herring said.

If you’re concerned your personal information was compromised, you can visit the Victim Notification Program’s Identity Theft Guide for information on how to protect your personal information and what to do if you think you’ve been the victim of identity theft.