Capital One Data Breach Exposes Social Security Numbers, Bank Accounts

A woman from Seattle has been arrested after claiming credit online for a major hack of Capital One that exposed around 100 million credit card applications and included some social security numbers and bank account numbers.

  • Credit card numbers and log-in credentials were reportedly not included in the hack
  • The only social security numbers that were exposed were around 140,000 that were used as employer ID numbers applying for small business cards as a sole proprietorship
  • However “names, addresses, dates of birth and information regarding their credit history has not been tokenized” and thus were exposed.

The woman had worked for a cloud computer firm that authorities haven’t identified which “provided data services to Capital One” but the Seattle location of the perpetrator provides some clues.

At this point we’re probably immune to being surprised or even troubled by data breaches, maybe we were troubled by Equifax and Marriott but at this point doesn’t it all seem so de rigueur?

Don’t forget though your DMV photos have been scooped up into an FBI and an ICE database and used for government surveillance. The FBI has a huge DNA database, too. United Airlines and Delta own stakes in CLEAR which stores passenger biometrics. Oddly what some people are worried about is Facebook’s data privacy.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. Not sure if you’re trolling or not.

    “what some people are worried about is Facebook’s data privacy”

    It all matters. It’s not a question for this OR this. It’s a question of this AND that.

    For somebody that regularly includes links to Papers Please, I expected you were better informed.

  2. Thanks Gary for the heads up. Databreaks like this are scary. Yea, and I do think we are heading for a “Minority Report’ (movie) kind of world.

  3. It’s time to be imposing gargantuan fines on these companies which do not safeguard our information. These half hearted apologies and free monitoring service they always come up with as a token gesture just don’t cut it. Fines need to be big enough that they really hurt, so they will stop shrugging off these breaches as a cost of doing business and get serious about protecting our data.

  4. Unless you are living off of the grid, ( perhaps not on the grid is clearer), your personal data is compromised .
    I noticed a smart meter installed at my house. Now, some data sleuth at the power company can see in real time if electric use is unusually low and tell some nefarious accomplices that my house may be a good target.

  5. Quite aside from the data theft, while searching the perpetrator’s rented residence they apparently found the landlord, a convicted felon, to possess an arsenal of over twenty firearms including semi-automatic mass-shooters and bump stocks.

  6. As others have stated, the only way to fix this is through massive fines. If a bank loses my money, I’m guaranteed up to $250,000. If a company loses my private data and exposes my future earnings, retirement, travel abilities, credit and security to risk, I get jack-squat.

    How about impose a cool $100,000 PER PERSON fine for any such data breach, due to the affected victims.

    You can sure as hell guarantee that companies will take it seriously. Bonus: Should be great for the economy as companies actually begin to hire/train IT security professionals.

  7. Gary, there’s nothing ‘odd’ about being wary of Facebook’s compiling, collating, exploiting, and mishandling of all the data, photos, and communications of so many people, businesses, and entities around the world. Even never signing up doesn’t protect you.

  8. Why is it odd to be worried about one bad thing just because another bad thing also exists?

  9. God get over it people. We live in a connected world so your info is already out there. I’ve been in IT 39 years and also know some hackers. Anyone willing to pay a nominal amount (less than $100) can get pretty much any personal data (including in many cases things like SSN, drivers license number etc) on any of you. I just love to give the clueless people me more thing to worry about. Have lifelock, review credit reports regularly, check credit card charges in detail on a refusal basis and make sure there aren’t any leins you don’t know about on your home (mortgage fraud). That is all you can do and if you aren’t taking these steps you are crazy. The info is out there so no need to worry about that – just see if you were adversely impacted and, if so, remediate it quickly

Leave a Reply

Your email address will not be published. Required fields are marked *