Largely because Equifax didn’t reveal a lot of the details because state laws didn’t require them to.
A certain amount of the data stolen for millions (tens of millions, hundreds of millions) of Americans is of vague concern because it’s private information that is now presumably available to any black hat who wants to buy it.
But the real impact is on identity theft — being able to claim to some entity, “Well, yes, of course I am Jason Quill — here, I know the last four digits of Jason Quill’s Social Security Number, his birthdate, and his drivers license number.” Because those bits of data were stolen from Equifax.
Aside from hitting Equifax with legal baseball bats for a while, the only other obvious solution is to stop treating these data as “secret” and “proof of identity.” If someone said, “Of course I’m Jason Quill, because I know my first name,” people would laugh. We need to treat SSN, DL, DoB, email address, credit card number, as similarly compromised.
That’s tough. And expensive. How does Internet commerce work if we assume that’s the case? But it is the case, and pretending otherwise is not going to solve the problem.
Equifax breach exposed millions of driver’s licenses, phone numbers, emails
17.6 million driver’s license numbers, thousands of ID images stolen in breach.
You hit the nail on the head!