Workload and Application Security Blog

Equifax asks consumers for personal info

Written by Virsec | Sep 8, 2017 11:01:46 PM

Washington Post, September 7, 2017, comments by Satya Gupta;

Yesterday, Equifax announced a data breach that tops other serious data breaches this week by far. 143 million consumers are now grappling with the news that their personal information – including social security numbers, birthdates, driver’s license numbers and more – is now in the worst hands. Adding frustration to concern, Equifax’s early response of offering free credit monitoring in exchange for asking consumers to enter not 4, but 6 numbers of their social security numbers is raising a lot of questions and eyebrows.

Satya Gupta, co-founder and CTO at application security vendor Virsec in San Jose, Calif., talks to the Washington Post and confirms the unusualness of such a request.

“This is very unusual — most security systems are hard-wired only to reveal the last four digits of an SSN for identification purposes. This strongly implies that the typical four digits may have been compromised, and they need additional, previously ‘secret’ information to positively identify customers. This reinforces the conundrum of these breaches — with more information exposed, how do you now prove a person’s identity?”

Consumers express their reactions, not the least of which is concern about the risks of providing this additional information as well.

Read Full Article