Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC
Legal

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

Thread beginning with comment 648680
To view parent comment, click here.
To read all comments associated with this story, please click here.
Thom_Holwerda
Member since:
2005-06-29

In most countries, the SSN isn't actually an ID number. The problem in America is not with the SSN in and of itself, but with its misuse as an ID number - because for some weird political reason, Americans don't want mandatory IDs (they'd rather have a deeply insecure and broken SSN used as an effectively mandatory ID as long as it's not called a mandatory ID because logic).

Edited 2017-09-08 00:50 UTC

Reply Parent Score: 6

ilovebeer Member since:
2011-08-08

You're always told to protect your SSN with your life, but then you can't do any banking without revealing it, you can't get non-emergency medical care, you can't be registered for school, etc etc etc... It's ridiculous. And of course these places are always having their data breached.

Here's the best part.. Once someone has you SSN, they can reverse everything else and essentially become you with *real* id, bank accts, etc. Once you find out they've trashed your credit, trashed your accounts, and trashed your life, you have to go on a very long & expensive fight to clear your name. And it's never truly cleared as if it all never happened. The shit is completely stupid and politicians do absolutely nothing to fix it.

Reply Parent Score: 8

Alfman Member since:
2011-01-28

ilovebeer,

You're always told to protect your SSN with your life, but then you can't do any banking without revealing it, you can't get non-emergency medical care, you can't be registered for school, etc etc etc... It's ridiculous. And of course these places are always having their data breached.

...The shit is completely stupid and politicians do absolutely nothing to fix it.


You get it. This is one of those things that annoys the hell out of many tech people, but many ordinary people haven't really considered that the process is fundamentally broken. They view the problem as hackers getting through the defense walls. They think having bigger and stronger walls will keep them out. We know better, but this is how many people think.

Reply Parent Score: 7

Alfman Member since:
2011-01-28

Thom Holwerda,

In most countries, the SSN isn't actually an ID number. The problem in America is not with the SSN in and of itself, but with its misuse as an ID number - because for some weird political reason, Americans don't want mandatory IDs (they'd rather have a deeply insecure and broken SSN used as an effectively mandatory ID as long as it's not called a mandatory ID because logic).


I'm a bit confused with what you mean here, how is SSN being misused as an ID number? IMHO the federal government is doing the correct thing by assigning everyone a unique number. The big problem is how private companies are using it and making horribly flawed assumes about SSN security.

Reply Parent Score: 2

benoitb Member since:
2010-06-29

In France you can vote, have insurance, open bank accounts without giving a number that is your single unique identifier.

There is a number on your ID card that nobody ever asks. Another number on your passport if you have one (only necessary if you travel out of Europe). You are not legally obliged to get any of these documents.

Another number for social security.

I have not heard horror stories of people getting impersonated.

The downside is that for most procedures you are asked to provide documents justifying that you have been living in some place for 3 months.

Reply Parent Score: 2

ahferroin7 Member since:
2015-10-30

The problem is not how private companies are using it, it's that your SSN is the sole ID number you have. Everything traces back to it. Federally issued licenses, real background checks (for security clearance for example), and passports are about the only thing in the US that requires proper identity verification beyond knowing your SSN. As a result, if you get someone's SSN, you in turn are then able to trivially impersonate them for a large majority of things that actually have an impact on their domestic life.

In contrast, in most countries in Europe, and quite a few other countries, you have either:
1. Some publicly available ID number that is used as nothing more than a database key by most companies and holds little to no weight by itself as a means of identification.
or:
2. Independent ID numbers for most things, with no need to give any of them out when registering for trivial things like library cards that don't have any reason to require an actual ID number.

Reply Parent Score: 3

daveak Member since:
2008-12-29

IMHO the federal government is doing the correct thing by assigning everyone a unique number.


While the intention is to be unique, they are not.

https://www.nbcnews.com/technology/odds-someone-else-has-your-ssn-on...

and a quick google will find many more articles.

Reply Parent Score: 2

Lennie Member since:
2007-09-22

If I remember correctly, this video explains it (but I lack the time right now to check it): https://www.youtube.com/watch?v=Erp8IAUouus

Reply Parent Score: 2

dark2 Member since:
2014-12-30

for some weird political reason, Americans don't want mandatory IDs


The problem is the people that want mandatory IDs want to use it as a platform to "fight voter fraud," which always means use it as a way to stop people we don't like from voting.

Reply Parent Score: 3