[otakucode]

I don't know about that. The OPM hack was even worse in terms of data released. Seriously, it included actual images of peoples fingerprints ffs. Along with all biographical information of the people submitted to receive a security clearance background check. I think it may have hit fewer people, but I expect the result will be the same: 18 months of free credit monitoring and after that we pretend that somehow your SSN and all other details must no longer be a threat to you being out in the wild. Sure, in 30 years when someone digs it up and ruins your life with it, why make that OPM agency liable for it? I'm sure they hired top-notch security guys, paid them handsomely, and structured things such that not even the president of the USA could contravene their practices, right? Right?

Oh, a computer was involved. So hire the cheapest person you can find who can half make it work, let even the low level managers do whatever they want, and when it gets hacked blame somebody else. It's computers. NOBODY knows how they work!

[ajross]

The Equifax dump (again, if it's really as described) is literally 10x larger than OPM. It's true that the OPM data was "worse" by abstract ideas of personal privacy, but not that the breach is worse from the perspective of "will drive government action".

Again, if there are really 144M valid SSN/name/address tuples out there in the wild, then very soon banks will simply no longer be able to authenticate applications for new accounts. They'll be swamped with fraud (remember that by US law, credit card fraud is their liability, not the consumer's), and demand action by the government to fix it.

But like I said, "if".