Linked by Thom Holwerda on Thu 7th Sep 2017 23:45 UTC

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

Thread beginning with comment 648821
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:

It's a liitle bit different in Germany: You are forced to "buy" an ID card ("Personalausweis", personal identification) for a relatively high price (compared to the actual costs of creating the ID card), and it has a built-in expiration date. If you do not have one, you'll be facing a quite heavy fine. After expiration, you may not keep the (invalidated) ID card. It also contains "online functionality" which doesn't actually work and is also insecure.

Whoa, I can't believe I'm saying this, but it looks like Poland is "nicer" than Germany in some respect: in PL the ID card ("dowód osobisty", ~personal ~proof ...which BTW was made first required under occupation by Nazi Germany ;) ) is free (it wasn't that way untill few years ago - you had to pay a small fee - but a court established that sinve it was mandatory, it shouldn't cost anything). It also expires / lasts for 10 years. I think you can also be fined for not having one. You may also not keep it after expiration. Latest-gen ID cards, issued from 2015 IIRC (and long in the planning stages...), were supposed to have a chip/"online functionality" ...but it was ultimatelly cancelled.

A passport ("Reisepaß", travel passport) is fully optional. It is more expensive than the ID card. In many cases, it can substitute the regular ID card, but often requires that you also have a registration card ("Meldebescheinigung", certificate of residence) because the passport doesn't contain your postal address. This additional document of course also costs some money.

Here even the ID card doesn't have your adress! (the post-2015 ones; previous gen does have the adress, but it was removed in current gen)

However, revealing the identification numbers of those documents (which identify the document, not the person!) is typically not needed. Data protection and privacy laws provide strong regulations about what may be obtained and stored by private companies.

In PL we have personal number "PESEL" which is printed on ID cards and typically required by banks or hospitals ...but it seems we avoid the issues plaguing US with its SSN, I think largely because the number is used mostly only as a database key and not a proof of identification/authentication by itself (for that, you need to show the ID card) ...though there are exceptions to this - I remember that during 2010 EU-wide census, you could login to the census webpage with nothing more than the personal number, and there were some instances of abuse...

Edited 2017-09-13 22:58 UTC

Reply Parent Score: 2