Posted on 06/14/2019 5:45:31 PM PDT by Libloather
Multiple government agencies are relying on a security measure that can be easily bypassed thanks to massive breaches like the Equifax hack, the US Government Accountability Office has found. In a report released Friday, the government watchdog group found that the US Postal Service, the Department of Veterans Affairs, the Social Security Administration and the Centers for Medicare and Medicaid Services have still been using "Knowledge-Based Verification" to make sure people who apply for benefits online are authentic.
This verification method asked applicants questions like their date of birth, Social Security numbers and addresses, assuming that only the applicant would have that information. But in Equifax's breach in 2017, that information had been stolen from 145.5 million Americans, rounding out to more than half the US population.
That exposed many federal agencies using Knowledge-Based Verification to widespread fraud, as potential attackers could use the stolen information to apply for benefits and get replacement Social Security cards, the GAO found.
In 2017, the National Institute of Standards and Technology started advising against that verification method.
(Excerpt) Read more at cnet.com ...
Equifax is one of the scummiest companies ever. Glad to see how dependent the other giant scumbag,the US Govt, is on them.
The IRS also uses Equifax for knowledge verification. No bid contract after the breach as payoff to the company for supporting Obama.
And they lecture us?
If you had accounts BEFORE the Equifax data breach, you had to provide answers to three “Personal Questions” (e.g., first car, etc.) and a personal “Username.”
The only way hackers can get around that is to create duplicate accounts with a new Username and Q&A.
Hopefully, two accounts with the same legal name and numbers would attract attention.
SocSec and Medicare make you change your password like every six months now - a monumental pain in the neck.
Not only that, SocSec sends you a security code via email or text that you need to type in - every time!
texas booster :" The IRS also uses Equifax for knowledge verification.
No bid contract after the breach as payoff to the company for supporting Obama."
(From the article): "Multiple government agencies are relying on a security measure that can be easily bypassed thanks to massive breaches
like the Equifax hack, the US Government Accountability Office has found.
In a report released Friday, the government watchdog group found that the US Postal Service, the Department of Veterans Affairs,
the Social Security Administration and the Centers for Medicare and Medicaid Services have still been using "Knowledge-Based Verification"
to make sure people who apply for benefits online are authentic."
" This verification method asked applicants questions like their date of birth, Social Security numbers and addresses,
assuming that only the applicant would have that information.
But in Equifax's breach in 2017, that information had been stolen from 145.5 million Americans,
rounding out to more than half the US population."
Obtain verification of your own identity with original documents; get certified, if available.
This includes certified birth certificates, certified marriage license, original copies of Social Security card (signed),
geneological records, insurance documents, certificates of title for land, and/or vehicles.
Confirm your credit rating in person ; all three of the accredited credit gencies, as total identity fraud can easily be had here.
Don't respond to phishing emails from known, or unknown persons, or agencies asking for confidentail information online,
or during cell phone conversations (over heard/ taped conversations).
Avoid social media discussions of vacation plans, family deaths, or funeral arraingments in media.
Become the "Gray man", non-descript physically, in clothing, physical mannerisms, vehicles, etc.
Avoid socially objectional purchases online, or when using a credit card; right now, 'cash is king'.
Being forewarned is being forearmed; and anticipating preperation of unknown circumstances (itself) can act as a deterent.
Yeah, it’s weird when you KNOW you’ve never, ever put your personal info online, but it’s online anyway.
Spit spit Equifax
Now, now folks - you have to look at the big picture. Sure equifax failed to protect the personal data of tens of millions of people. But they ensured they had a diverse work force at the highest level of their organization by hiring a female music major to be their Chief Security Officer! So chill.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.