Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC
Legal

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

Thread beginning with comment 648679
To read all comments associated with this story, please click here.
Public social security numbers
by dark2 on Fri 8th Sep 2017 00:43 UTC
dark2
Member since:
2014-12-30

I hear one of the European countries solves this problem by making their version of the social security number public information, that way anyone can look online an verify if they have the right person. The secret number thing just doesn't work at all.

Reply Score: 4

Thom_Holwerda Member since:
2005-06-29

In most countries, the SSN isn't actually an ID number. The problem in America is not with the SSN in and of itself, but with its misuse as an ID number - because for some weird political reason, Americans don't want mandatory IDs (they'd rather have a deeply insecure and broken SSN used as an effectively mandatory ID as long as it's not called a mandatory ID because logic).

Edited 2017-09-08 00:50 UTC

Reply Parent Score: 6

ilovebeer Member since:
2011-08-08

You're always told to protect your SSN with your life, but then you can't do any banking without revealing it, you can't get non-emergency medical care, you can't be registered for school, etc etc etc... It's ridiculous. And of course these places are always having their data breached.

Here's the best part.. Once someone has you SSN, they can reverse everything else and essentially become you with *real* id, bank accts, etc. Once you find out they've trashed your credit, trashed your accounts, and trashed your life, you have to go on a very long & expensive fight to clear your name. And it's never truly cleared as if it all never happened. The shit is completely stupid and politicians do absolutely nothing to fix it.

Reply Parent Score: 8

Alfman Member since:
2011-01-28

Thom Holwerda,

In most countries, the SSN isn't actually an ID number. The problem in America is not with the SSN in and of itself, but with its misuse as an ID number - because for some weird political reason, Americans don't want mandatory IDs (they'd rather have a deeply insecure and broken SSN used as an effectively mandatory ID as long as it's not called a mandatory ID because logic).


I'm a bit confused with what you mean here, how is SSN being misused as an ID number? IMHO the federal government is doing the correct thing by assigning everyone a unique number. The big problem is how private companies are using it and making horribly flawed assumes about SSN security.

Reply Parent Score: 2

dark2 Member since:
2014-12-30

for some weird political reason, Americans don't want mandatory IDs


The problem is the people that want mandatory IDs want to use it as a platform to "fight voter fraud," which always means use it as a way to stop people we don't like from voting.

Reply Parent Score: 3

Alfman Member since:
2011-01-28

dark2,

I hear one of the European countries solves this problem by making their version of the social security number public information, that way anyone can look online an verify if they have the right person. The secret number thing just doesn't work at all.


Yes!

It is so stupid for companies to insist on using SSN as proof of authorization. SSN works fine as a form of unique ID, it is extremely useful to have a unique identifier for databases. But it *not* proof of consent and all the businesses using that way need to stop pretending that it is. Frankly if I had a say, I'd pass a law explicitly dismissing any liability for any transactions only backed by this federal ID number without a record of consent. It should be treated as public information.

Too often we just point fingers at the gate keepers for allowing the leak to happen, but what is really needed is to adapt security mechanisms that don't break when partners get hacked. We have much better security models we could be using if only businesses would stop relying on archaic security solutions. I wish we could collectively move to something more secure like PKI where security is not based on having shared secrets (like SSN, CC#), but alas I've been playing the same broken record for two decades now.

Reply Parent Score: 4

leech Member since:
2006-01-10

Well, there are two types of worry about the SSNs being out there now. The stupidity that with that number and basically a matching name, you can change address, name, bank information, etc.

Then there is the full on Identity theft, but on that side of things to have someone become you is probably a bit less likely, since there are already tons of dead people's SSNs out there thanks to many years back one of the genealogy sites were posting their SSNs...

But who knows, I'm thinking more than likely the biggest ones at risk for fraud here are the ones who have a high credit rating... And the fact that I don't think any of us really have a choice whether or not the big three can have our credit history to have that score. So pretty much every grown adult in the US that has any sort of credit history is potentially boned.

Reply Parent Score: 3