You keep it for how long?!
The pilfered data was submitted to Capital One by credit card hopefuls between 2005 and early 2019.
The real outrage here is not that the data was taken - it is that Capital One still keeps the data from 14-year old credit card applications, presumably including those where the application was refused or where the customer has cancelled the card long ago, and no longer has any business relationship with Capital One.
This is is exactly why we need tools like GDPR, and we need them agressively enforced by state regulators.
Biting the hand that feeds IT
