Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC
Legal

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

Thread beginning with comment 648738
To view parent comment, click here.
To read all comments associated with this story, please click here.
daveak
Member since:
2008-12-29

You are missing the point. SSN are supposed to be unique. They are not. End of story. There is no problem in having a unique number. They just need to actually bloody be unique.

Reply Parent Score: 1

Alfman Member since:
2011-01-28

daveak,

You are missing the point. SSN are supposed to be unique. They are not. End of story. There is no problem in having a unique number. They just need to actually bloody be unique.


You cited one single example of a SSN mistake in the past 17 years. That's pretty damn good ;) I dare say it's probably higher than that and some social security administration mistakes are just going unreported, but it's nowhere near the exaggerated scales you've been citing. The "40 million Social Security numbers associated with more than one person" comes from people submitting invalid IDs on forms rather than errors by the social security administration.

Please try to understand what I'm saying: *everyone* agrees this is a problem but the root cause is the utter lack of security and NOT the unique numbers themselves.

Like the hotel room example, the problem isn't that rooms have unique numbers, it's the way we use them without any form of authentication. Someone should not be able to charge things to my room just because they know my room number, likewise someone should not be able to apply for credit in my name just because they have my federal ID number. It's the same thing, the number isn't the problem, but the use of it without authentication is.

Edited 2017-09-09 18:08 UTC

Reply Parent Score: 2