The trope of data also included 80,000 bank account numbers, all for secured credit card customers.
Such credit cards are usually held by consumers with low credit points or no credit history at all. This means that many of the 80,000 customers may find it difficult to recover from an identity theft if their exposed data is used to be ill.
What this means for secured credit card customers
Secured credit cards are meant to help people build or rebuild credit: They are offered people with a FICO score in the mid-600 and above who probably have no other credit options. The banks require cardholders to deposit cash equivalent to part or all of the card's credit limit before they can start using.
In short, the typical secured credit card customer is someone who "very sincerely tries to understand" how they can improve their financial position, Harzog said.
But that hard work could go up in smoke for the 80,000 Capital One secure credit card customers to whom the information was exposed during the breach.
If their data goes into the wrong hands, a fraudster could clear the victim's checking or savings account. Fortunately, according to CyberScout founder Adam Levin, most banks will restore stolen funds to victims' accounts within ten days. But for a seriously cash-strapped person, 1
And it could be worse: The Capital One secured cardholder identity number may also have been exposed to the breach, and identity theft could ruin a credit score.
Criminals only need social security numbers and a few other key pieces of personal information to cause serious harm. They can repair medical bills under someone else's name, open new credit card accounts and never pay the bills, or even take another mortgage in a victim's home.
Setting the record right after an identity theft can "become almost a full-time job for an extended period of time," Levin said.
And, Levin warned, if it seems like a scammer would be less likely to impersonate someone with a bad credit score – think again.
"To a hacker, you are Kim and Kanye because you have what they want: data," he said.