Image from Associated Insurance Agency
Many have heard about Equifax’s security breach recently, but what exactly happened? And what does it mean for the future of identification?
On September 7th, Equifax went public about their personal data breach that dwarfs the hacks of other companies, like the 5 million in a Kansas department of Commerce leak, or even Anthem’s 80 million. Equifax’s lack of security may have exposed 143 million identities in the U.S., nearly half of its 325 million population. This means you have a roughly 44% chance that someone out there has your personal data that could be used to open up lines of credit, access your bank account, and a multitude of other not so fun things for you, and that’s just counting this one security breach. Others put you at an even higher risk level, according to Wired.com, Jeremiah Grossman from SentinalOne says “it’s a safe assumption that everyone’s social security has been compromised and their identity data has been stolen”. The proliferation of identity theft in recent years is bringing into question what we use to identify ourselves.
It isn’t only the rising rate of identity theft that is prompting discussions on moving identification away from SSNs. In fact as Wired.com points out, the Social Security Administration (SSA) states that “The card was never intended to serve as a personal identification document” Once your social is compromised, there’s no way to get it back or stop someone from trying to use it, it’s nigh impossible to get a new one, and if you do manage to, it’s still linked to the one that got stolen. In contrast, if your credit card gets stolen, you call, cancel, and get a new card.
With how permanent and pernicious a problem of stolen identity is, you would think there would be unbelievably tight security measures for companies who are entrusted with it. In Equifax’s case, the breach was completely avoidable, and due to not up-keeping their software as a company storing highly sensitive information should. There was a bug in the open source software Equifax uses, which the developers quickly noted and produced a patch for the issue. In March. The hackers did not begin siphoning information until May, which means the company had two months between when the patch was available, and the bug was exploited in which they could have resolved the issue before it became one.
This blatant neglect in the handling of information, and other credit bureau faux pas, such as Equifax’s payroll hack, and Experian’s data leak of 15 million, and the irreparability of mishandled Socials, is forcing us to reconsider how we identify. It’s very possible that in the near future, Social Security Numbers will once again only be used for Social Security reasons, and we’ll have an entirely new way to prove who we are. Maybe we’ll all get DNA chips in our arms or something, who knows?
Though I have various sources, the subject and the main of the information came from multiple Wired.com articles. There is an obvious bias in these articles as an annoyed citizen, (at least I presume citizen), against a company who through neglect put their identity at risk. That being said, who isn’t frustrated and biased against Equifax right now? All of the information I checked in the articles held up from different sources, and the fact that all of the Wired.com articles about Equifax that I read were penned by the same author gives me more faith that this reporter is well informed on the subject.