It is sad we already have the databreach tag. 
http://phx.corporate-ir.net/mobile.view?c=70667&v=203&d=1&id=2405042
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018No bank account numbers or Social Security numbers were compromised, other than:
About 140,000 Social Security numbers of our credit card customers
About 80,000 linked bank account numbers of our secured credit card customers
Emphasis mine.
- HAH WTF data going back to 2005? Jeez, that stuff should be in a vault.
- “No bank account numbers or Social Security numbers were compromised, other than” - The second half of this sentence is calling the first half a liar! This part upsets me the most. That’s like saying “Your body scan revealed no cancer, other than 140,000 cancer cells.” I hate this very much.