Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC
Legal

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

Thread beginning with comment 648757
To read all comments associated with this story, please click here.
In socialist Sweden...
by Megol on Mon 11th Sep 2017 20:58 UTC
Megol
Member since:
2011-04-11

... the personal identifier is used as a key, it contains the date of birth, sex, location of birth combined with a running counter whose size depends on the location (highly populated areas need to support more births per day). There's also a simple checksum.

With the personal id number one can get the name. With the name one can get the current living address. With the name and address one can get the id number. Oh and the declared income and tax returns, marital status and cars owned too - it's all available if one really want to find out.

The only problems with this kind of system (except for paranoid people - those that have reason to be paranoid can get their data tagged secret for normal accesses) is in combination in bad systems design.

Reply Score: 2