by ajross 3206 days ago
#1 seems almost certain if the spilled data really is as extensive as it seems. The government would be all but forced to go to some other mechanism (or at worst just open up a new space of numbers and give everyone a 12-digit "SSN+"). It's possible that the "possibly affecting 144M customers" bit is spun though and that only a tiny fraction of that ever left the datacenter.

With #2, nothing is going to change. The credit agencies' business isn't identifying people (as we are discussing, they outsource that to the government), it's tracking credit activity. And that works extraordinarily well from the perspective of its customers (the banks). If Equifax dies, Experian and TransUnion will just see more business. If they all die, the banks will find some way to do this for themselves.

1 comments

I don't know about that. The OPM hack was even worse in terms of data released. Seriously, it included actual images of people's fingerprints ffs. Along with all biographical information of the people submitted to receive a security clearance background check. I think it may have hit fewer people, but I expect the result will be the same: 18 months of free credit monitoring and after that we pretend that somehow your SSN and all other details must no longer be a threat to you being out in the wild. Sure, in 30 years when someone digs it up and ruins your life with it, why make that OPM agency liable for it? I'm sure they hired top-notch security guys, paid them handsomely, and structured things such that not even the president of the USA could contravene their practices, right? Right?

Oh, a computer was involved. So hire the cheapest person you can find who can half make it work, let even the low-level managers do whatever they want, and when it gets hacked blame somebody else. It's computers. NOBODY knows how they work!

The Equifax dump (again, if it's really as described) is literally 10x larger than OPM. It's true that the OPM data was "worse" by abstract ideas of personal privacy, but not that the breach is worse from the perspective of "will drive government action".

Again, if there are really 144M valid SSN/name/address tuples out there in the wild, then very soon banks will simply no longer be able to authenticate applications for new accounts. They'll be swamped with fraud (remember that by US law, credit card fraud is their liability, not the consumer's), and demand action by the government to fix it.

But like I said, "if".