{"id":136310,"date":"2018-05-08T18:24:06","date_gmt":"2018-05-09T00:24:06","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/?p=136310"},"modified":"2018-05-08T22:12:40","modified_gmt":"2018-05-09T04:12:40","slug":"so-last-years-equifax-breach-was-even-more-awful-than-previously-revealed","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2018\/05\/08\/so-last-years-equifax-breach-was-even-more-awful-than-previously-revealed.html","title":{"rendered":"So last year’s Equifax breach was even more awful than previously revealed"},"content":{"rendered":"

Largely because Equifax didn’t reveal a lot of the details because state laws didn’t require them to.<\/p>\n

A certain amount of the data stolen for millions (tens of millions, hundreds of millions) of Americans is of vague concern because it’s private information that is now presumably available to any black hat who wants to buy it.<\/p>\n

But the real impact is on identity theft — being able to claim to some entity, “Well, yes, of course I am Jason Quill — here, I know the last four digits of Jason Quill’s Social Security Number, his birthdate, and his drivers license number.” Because those bits of data were stolen from Equifax.<\/p>\n

Aside from hitting Equifax with legal baseball bats for a while, the only other obvious solution is to stop treating these data as “secret” and “proof of identity.” If someone said, “Of course I’m Jason Quill, because I know my first name,” people would laugh. We need to treat SSN, DL, DoB, email address, credit card number, as similarly compromised.<\/p>\n

That’s tough. And expensive. How does Internet commerce work if we assume that’s the case? But it is<\/i> the case, and pretending otherwise is not going to solve the problem.<\/p>\n


\n
\n<\/a>
\nEquifax breach exposed millions of driver\u2019s licenses, phone numbers, emails<\/a><\/span>
\n17.6 million driver’s license numbers, thousands of ID images stolen in breach.<\/p><\/blockquote>\n

View on Google+<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Largely because Equifax didn’t reveal a lot of the details because state laws didn’t require them to. A certain amount of the data stolen for millions (tens of millions, hundreds of millions) of Americans is of vague concern because it’s private information that is now presumably available to any black hat who wants to buy … Continue reading “So last year’s Equifax breach was even more awful than previously revealed”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":134809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[106,35,375],"tags":[1207,1579,119],"class_list":["post-136310","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-plusposts","category-big-business","category-computer-security","tag-equifax","tag-pii","tag-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax+HQ.jpgimgmax=660.jpg","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":134808,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/21\/equifax-breach-round.html","url_meta":{"origin":136310,"position":0},"title":"My Equifax Breach Round-Up","author":"***Dave","date":"Thu 21-Sep-17 8:24am","format":false,"excerpt":"The news cycle on all of this has settled down finally, so I feel like I can determine some coherent recommendations of what to do. That's different from what we need to do nationally (stop treating the SSN as a secret password and unique identifier, for one), but that's a\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax%2BHQ.jpgimgmax%3D660.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":134918,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/10\/04\/irs-hired-equifax-help-verify-identity-yes-really.html","url_meta":{"origin":136310,"position":1},"title":"The IRS has hired Equifax to help verify your identity. Yes, really","author":"***Dave","date":"Wed 4-Oct-17 10:30am","format":false,"excerpt":"Equifax's CEO was just before congress testifying how the company's ineptness allowed a prolonged series of hacks to unveil the names, SSNs, DoBs, and other key identifying data of 150 million Americans (and some Canadians and Brits). That data could be invaluable in, among other things, tax fraud. Which is\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax%2BHQ.jpgimgmax%3D660.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":134647,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/11\/the-equifax-debacle.html","url_meta":{"origin":136310,"position":2},"title":"The Equifax Debacle","author":"***Dave","date":"Mon 11-Sep-17 11:51am","format":false,"excerpt":"Yeah, pretty much this. I'm following along the news as the best \"next\" steps to take as a consumer. Things continue to change so fast in terms of (a) things Equifax is doing and (b) ways Equifax is being criticized for stuff they are doing, that taking any steps for\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/equifax-comic.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":134597,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/07\/basically-consider-worst-personal-identity-data-breach-ever.html","url_meta":{"origin":136310,"position":3},"title":"So basically consider this the worst personal identity data breach ever","author":"***Dave","date":"Thu 7-Sep-17 6:27pm","format":false,"excerpt":"Equifax is one of the three major consumer credit reporting agencies, with oodles of information about every American consumer and their finances. And they got hacked, and about 143 million people's data -- addresses, SSNs, birth dates, even drivers license numbers -- are in the wild. They have a page\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/unnamed-3.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":134736,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/18\/social-security-numbers-broken-alternative.html","url_meta":{"origin":136310,"position":4},"title":"Social Security Numbers are broken. What is the alternative?","author":"***Dave","date":"Mon 18-Sep-17 11:41am","format":false,"excerpt":"We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us. But anyone who's ever worked with a system that tries to reliably and consistently identify people knows that it's a problem. What identifier is\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax-HQ.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":132507,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/01\/05\/if-you-cant-trust-a-credit-reporting-agency-who-can-you-trust.html","url_meta":{"origin":136310,"position":5},"title":"If you can't trust a credit reporting agency, who can you trust?","author":"***Dave","date":"Thu 5-Jan-17 2:30am","format":false,"excerpt":"Well, apparently, nobody.'[O]n Tuesday, the Consumer Financial Protection Bureau announced that two of the three major credit-reporting agencies responsible for doling out those scores\u2014Equifax and Transunion\u2014have been deceiving and taking advantage of Americans. The Bureau ordered the agencies to pay more than $23 million in fines and restitution. In their\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/136310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=136310"}],"version-history":[{"count":1,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/136310\/revisions"}],"predecessor-version":[{"id":136327,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/136310\/revisions\/136327"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media\/134809"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=136310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=136310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=136310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}