Equifax is still leaking like a sieve. Security researcher Brian Krebs has outlined a vulnerability in Equifax’s The Work Number product, a system used by credit companies to confirm your salary.
The system uses a number of personal details, including your SSN and birthdate, to bring up a salary history. These are details leaked in Equifax’s 143 million record breach this year.
From there it was simply a matter of going to a page – now missing – and entering your SSN and “PIN,” a term that suggests a degree of security but is actually your eight-digit birthdate. From there, users were shown a full set of salary data.
The Equifax breach shows us a few things but primarily it proves that the systems put in place to protect banks from customers are inefficient and prone to catastrophic failure. While I doubt this will cause a popular uprising and wipe out services like Equifax, here’s hoping that some industrious startup with a quantum encryption scheme and half a brain can figure out a better solution to keeping our financial data secure.