The Capital One hack is of the largest data breaches ever — and among those affected are some of the bank's most financially vulnerable customers.
The bank and the US Department of Justice revealed Monday that a hacker was able to access private data for more than 100 million Capital One customers. Social Security numbers, credit card applications, home addresses, credit scores, credit limits and balances were exposed.
The trove of data also included 80,000 bank account numbers, all of them for secured credit card customers.
Such credit cards are typically held by consumers with low credit scores or no credit history at all. That means many of those 80,000 customers could have a hard time recovering from an identity theft if their exposed data is used for ill.
It's not yet clear if anyone's identity was stolen as a result of the Capital One breach. The company said the vulnerability that allowed the hack, which occurred in March, has been fixed and that it's "unlikely that the information was used for fraud or disseminated." Capital One said it's still investigating.
What this means for secured credit card customers
Secured credit cards are intended to help people build or rebuild credit: They're offered to people with FICO scores in the mid-600s and below who likely have no other credit options. Banks require card holders to deposit cash equal to some or all of the card's credit limit before they can start spending.
Many of the consumers who opt for a secured credit card are fresh off a personal crisis, such as a medical emergency, divorce or sudden unemployment that hammered their credit score, said Beverly Harzog, a credit card expert and analyst at US News & World Report. Immigrants and young Americans who do not have a credit history also may use the cards as a starting point. And people who ruined their credit scores with reckless spending may use a secured card to help them get back on track.
In short, the typical secured credit card customer is someone who is "very sincerely trying to understand" how to improve their financial standing, said Harzog.
But that hard work could go up in smoke for the 80,000 Capital One secure credit card customers whose information was exposed during the breach.
If their data gets into the wrong hands, a fraudster could drain the victim's checking or savings account. Fortunately, according to CyberScout founder Adam Levin, most banks will restore stolen funds to victims' accounts within 10 days. But for a severely cash-strapped person, 10 days could still cause a major disruption if bills are due or the fridge is near empty.
And it could get worse: The Social Security numbers of Capital One secured card holders may also have been exposed in the breach, and identity theft can destroy a credit score.
Criminals need only a Social Security number and a few other key bits of personal information to cause serious damage. They can rack up medical bills under someone else's name, open new credit card accounts and never pay the bills, or even take out a second mortgage on a victim's home.
Setting the record straight after an identity theft can "become almost a full-time task for an extended period of time," Levin said.
Harzog, the credit card expert, said it's particularly important for secured credit card customers to take Capital One up on its offer to give free credit monitoring and identity protection. Experts also recommend affected people keep a close eye on their credit reports for any unexplained activity, watch their bank statements for any unfamiliar expenses, and even freeze their credit to stave off fraudsters.
And, Levin warned, if it seems like a fraudster would be less likely to impersonate someone with a bad credit score — think again.
"To a hacker you are Kim and Kanye, because you've got what they want: data," he said.