At what point can we start demanding that SSNs be redefined? I've lost track of how many data breaches I've unwittingly been the victim of, and I'm usually more careful and paranoid than most.
When can we move away from SSNs being a pseudo secret? They have obviously been leaked everywhere at this point.
Relatedly, is there an up to date guide on how I am supposed to freeze my credit? Last I looked, it required handing over all of my PII, which I found super distasteful, but I should accept none of it is secret and do the minimum to protect myself from ~financial institutions falling for fraud~ identity theft.
It's amazing to me how just getting your name and SSN leaked opens you up to much risk. It's equally amazing how this is a decades-long problem that hasn't been addressed.
I have to wonder what systems other countries use for identifying citizens and how secure they are compared to SSNs.
Just one number away from being able to cancel the voter registration of anyone you want in Georgia.
https://www.usatoday.com/story/news/politics/elections/2024/...
Original Bloomberg article: https://news.bloomberglaw.com/privacy-and-data-security/back... (https://archive.is/jIfW8)
Are there 2.9B SSNs?
I am not sure how to approach it anymore. Frankly, since equifax breach and settlement I mostly gave up on hoping for any real change[1]. Whatever the catalyst will be for a shake up, it clearly won't be another -- sufficiently big -- breach. I was too optimistic about that.
It will need to be something public, scandalous and, ideally, affecting someone powerful enough to effect change and privacy-conscious enough to be pissed off enough to want to do anything about it.
edit:[1]https://www.reuters.com/legal/government/illinois-governor-a...
edit2: By scandalous I mean something that average person cares about. Based on initial reaction to this particular breach, I do not think it meets the criteria.
Was this US only? I'm from EU, and since yesterday I received 2 threat e-mails in broken English with part of my phone number linked. Never had anything like that happen before.
"National Public Data" sounds like the name of a nonprofit with a nationwide presence, like NPR or PBS, but it's just the trade name for "Jerico Pictures," a small Florida company with (judging from Crunchbase) 1-10 employees. Shouldn't there be regulations for names like this, similar to how the National Bank Act controls the use of "National" in names of financial institutions?
I think that there is potential bipartisan support (among voters, not representatives...) for federal privacy laws that institute heavy fines for leaking personal data based on median household income, as well as requiring chain of custody to be tracked for all personal data. Unfortunately, I don't think our representatives are very interested in implementing this for us.
It wasn’t a data breach so much as the owner of this business allowing data fraud and identity theft to occur. The company is guilty of allowing this data theft through their business malpractices. They’re also guilty for having this data wholly in the first place. Punitive damages to bankrupt these companies are needed so that all industries get the message.
Here is the complaint:
https://ia800801.us.archive.org/26/items/gov.uscourts.flsd.6...
Good. The sooner systems design people stop thinking that SSNs are UUIDs the better.
How much has to happen before we pass legislating forbidding SSN as ID?
Anyone know if we could have requested our data deleted from National Public Data per CCPA? If so, what other huge databrokers have the same data that we can request deletion?
Something you have, something you know, something you are: SSN!
My point is, OK I know my information has been sold left and right, plus leaked. But I want my $4.99 every time it gets sold! I need a piece of the action.
There are only 450 million social security numbers (so far). How can 2.9 billion of them been exposed?
Maybe we should stop using SSNs for things they were never intended for. Crazy talk, I know.
> HSA provider HealthEquity
It’s really hard to read LLM generated articles.
Let me guess they will offer some credit monitoring and move on because we do not have any real consequences for breaches of privacy or security.
>As reported by Bloomberg, news of this massive new data breach was revealed as part of a class action lawsuit that was filed at the beginning of this month.
I am so looking forward to getting my 2.99 USD check from this suit. Of course I need to apply for that check via an on-line site and give them all my personal information.
Great time to be alive.