Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC
Legal

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

RE: Public social security numbers
by Alfman on Fri 8th Sep 2017 01:46 UTC in reply to "Public social security numbers"

dark2,

I hear one of the European countries solves this problem by making their version of the social security number public information, that way anyone can look online and verify if they have the right person. The secret number thing just doesn't work at all.


Yes!

It is so stupid for companies to insist on using SSN as proof of authorization. SSN works fine as a form of unique ID, it is extremely useful to have a unique identifier for databases. But it is *not* proof of consent and all the businesses using it that way need to stop pretending that it is. Frankly if I had a say, I'd pass a law explicitly dismissing any liability for any transactions only backed by this federal ID number without a record of consent. It should be treated as public information.

Too often we just point fingers at the gatekeepers for allowing the leak to happen, but what is really needed is to adapt security mechanisms that don't break when partners get hacked. We have much better security models we could be using if only businesses would stop relying on archaic security solutions. I wish we could collectively move to something more secure like PKI where security is not based on having shared secrets (like SSN, CC#), but alas I've been playing the same broken record for two decades now.

Reply Parent Score: 4
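
The contrast the comment above draws between shared secrets and PKI, as an added example that is not part of the original story or comment: one verifier stores the number a caller recites, the other stores only public keys and checks a signature over a fresh challenge. Ed25519, every type and function name, and the sample record are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SSNVerifier models the practice criticized above: the verifier stores the
// same number a caller recites, so a copy of its database can authorize.
type SSNVerifier struct{ records map[string]string }

func (v SSNVerifier) Authorize(name, recited string) bool {
	stored, ok := v.records[name]
	return ok && stored == recited
}

// KeyVerifier stores public keys only. Consent is a signature over a fresh
// challenge that names the transaction.
type KeyVerifier struct{ keys map[string]ed25519.PublicKey }

func (v KeyVerifier) Challenge(txn string) []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return append(nonce, txn...)
}

func (v KeyVerifier) Authorize(name string, challenge, sig []byte) bool {
	pub, ok := v.keys[name]
	return ok && ed25519.Verify(pub, challenge, sig)
}

// Compare reports whether a request is accepted in three cases: database copy
// against the SSN design, database copy against the key design, real holder.
func Compare() (ssnLeak, keyLeak, holder bool) {
	ssn := SSNVerifier{records: map[string]string{"alice": "000-00-0000"}} // constructed
	ssnLeak = ssn.Authorize("alice", ssn.records["alice"])

	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	kv := KeyVerifier{keys: map[string]ed25519.PublicKey{"alice": pub}}
	ch := kv.Challenge("open-credit-line")
	_, other, _ := ed25519.GenerateKey(rand.Reader) // any key that is not alice's
	keyLeak = kv.Authorize("alice", ch, ed25519.Sign(other, ch))
	holder = kv.Authorize("alice", ch, ed25519.Sign(priv, ch))
	return
}

func main() { fmt.Println(Compare()) }
```

Only the stored record differs between the two designs: in the first it is the credential itself, in the second it is a public key that verifies signatures but cannot produce them.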