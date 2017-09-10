Equifax Breach Provokes Calls For Serious Data Protection Reforms (wired.com) 23
Equifax's data breach was colossal -- but what should happen next? The Guardian writes: The problem is that companies like Equifax are able to accumulate -- essentially, without limit -- as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals. At the very least, this will lessen the severity and size of (inevitable) data breaches... Without putting hard limits on the data capitalists who extract and exploit our personal information, they will continue to reap the benefit while we bear the risks.
Marc Rotenberg, president of the Electronic Privacy Information Center, adds, "we need to penalize companies that collect SSNs but can't protect [them]." Wired reports: Experts across numerous privacy and security fields agree that the solution to the over-collection and over-use of SSNs isn't one particular replacement, but a diverse array of authentications like individual codes (similar to passwords), biometrics, and even physical tokens to create more variation in the ID process. Some also argue that the government likely won't be the driving force behind the shift. "We have a government that works at a glacial pace in the best of times," says Brenda Sharton, who chairs the Privacy & Cybersecurity practice at the Goodwin law firm, which has worked on data privacy breach investigations since the early 2000s. "There will reach a point where SSN [exposure] becomes untenable. And it may push us in the direction of having companies require multi-factor authentication."
Meanwhile TechCrunch argues, "This crass, callow, and lazy treatment of our digital data cannot stand...": We must create new, secure methods for cryptographically securing our data... These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
Re: (Score:2)
I'll believe that corporations are people when I see one executed. As the saying goes.
Big targets, big money, relentless attackers (Score:1)
Mandate that SSNs are not proof of identity (Score:1)
An SSN is a good primary key in a database because each SSN should correspond to a unique person. It's a terrible way, however, for proof of identity. We essentially use it as a username, but also as a password, and a password that you're unable to change. Furthermore, by law, you have to provide it to banks and some other institutions to use their services. You need to share your SSN with your employer in order to get paid for your job. And you have to trust that none of these entities will mishandle your
Re: (Score:2)
Sure. make SSN a unique key but using it has a primary key is always a bad idea. Use meaningless Object IDs as primary keys which in turn will be used as a foreign key in other tables instead of the SSN.
You can even put the SSN in a different table or database with added security features/restrictions.
Bad tech journalism must die (Score:3)
These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
About as insightful as the apper guy. Blockchain magic fixes everything. Also since when did the age of a company was a good predictor of an internal cowboy culture?
Re: (Score:2)
as they say, "let the free market decide" (Score:3)
- Name + phone hacked = $2 penalty
- Name + address hacked = $3 penalty
- Name + SSN hacked = $5 penalty
- etc., and combinations of the above, just multiply.
Things would get fixed right quick.
In other news... (Score:3)
... horse escapes from wide-open barn! Farmer encouraged to shut the f-ing door!
Bright godz, what a mess...
Three executives dump shares (Score:2)
Regulatory filings show the three Equifax executives — Chief Financial Officer John Gamble, U.S. Information Solutions President Joseph Loughran and Workforce Solutions President Rodolfo Ploder — completed stock sales on Aug. 1 and 2.
Wait, that guy is named John Gamble? and he is the damned CEO?
Cost to Profit Ratio Too Low (Score:2)
Right now, it's in the best interests of the corporation to allow the details to be stolen.
Assuming the customer even catches the theft, they're still responsible for the first $50 dollars. And if the company chooses to dispute the customer's claim, they might get more than that.
The seller and processor all file claims with their insurance company, and get their money back.
In short, everyone but the victim wins.
Until that changes, this will continue to happen.
innocent until proven guilty (Score:2)
Account hijack is a bigger threat (Score:2)
In no place this should be considered "credentials". But the US financial institutions pretend these are secret passwords.
WRONG (Score:2)
This means that a law firm will make millions or tens of millions of dollars and the REAL victims will get $1.23 (less taxes).
And all up, this costs the corporation less money than doing the job properly.
The system is working exactly as it was intended to.
God, some people think rich people are just made of money, do you not know how much a Ferrari costs these days