Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

Permalink for comment 648695
To read all comments associated with this story, please click here.
Member since:

The problem is not how private companies are using it, it's that your SSN is the sole ID number you have. Everything traces back to it. Federally issued licenses, real background checks (for security clearance for example), and passports are about the only thing in the US that requires proper identity verification beyond knowing your SSN. As a result, if you get someone's SSN, you in turn are then able to trivially impersonate them for a large majority of things that actually have an impact on their domestic life.

In contrast, in most countries in Europe, and quite a few other countries, you have either:
1. Some publicly available ID number that is used as nothing more than a database key by most companies and holds little to no weight by itself as a means of identification.
2. Independent ID numbers for most things, with no need to give any of them out when registering for trivial things like library cards that don't have any reason to require an actual ID number.

Reply Parent Score: 3