Capital One Breaches Exposed Account Numbers of Most Financially Vulnerable Customers
The trove of data also included 80,000 bank account numbers, all for secured credit card customers.
These credit cards are generally owned by consumers with low credit scores or no credit history at all. That means many of those 80,000 customers could struggle to recover from identity theft if their exposed data is used for malicious purposes.
What this means for secured credit card customers
Secured credit cards are meant to help people build or rebuild their credit: they’re offered to people with FICO scores in the mid-600s and below who likely don’t have other credit options. Banks require cardholders to deposit cash equal to all or part of the card’s credit limit before they can start spending.
In short, the typical secured credit card customer is someone who is “very sincerely trying to figure out” how to improve their financial situation, Harzog said.
But that hard work could go up in smoke for the 80,000 Capital One secure credit card customers whose information was exposed in the breach.
If their data falls into the wrong hands, a fraudster could empty the victim’s checking or savings account. Fortunately, according to According to Adam Levin, founder of CyberScout, most banks will return stolen funds to victims’ accounts within 10 days. But for someone short on cash, 10 days could still cause major disruption if the bills are due or the fridge is nearly empty.
And it could get worse: Social Security numbers of Capital One Secure Cardholders may also have been exposed in the breach, and identity theft can destroy a credit score.
Criminals only need a social security number and some other essential personal information to cause serious damage. They can rack paying medical bills in someone else’s name, opening new credit card accounts and never paying the bills, or even taking out a second mortgage on a victim’s home.
Setting the record straight after an identity theft can “become almost a full-time job for a long time,” Levin said.
And, Levin warned, if it looks like a fraudster would be less likely to impersonate someone with bad credit, think again.
“To a hacker, you’re Kim and Kanye, because you have what they want: data,” he said.