Equifax products also leaked thousands of salary histories

Equifax is still leaking like a sieve. Security researcher Brian Krebs has outlined a vulnerability in Equifax’s The Work Number product, a system used by credit companies to confirm your salary.

The system uses a number of personal details, including your SSN and birthdate, to bring up a salary history. These are details leaked in Equifax’s 143 million record breach this year.

Krebs writes:

To find out how easy it is to view your detailed salary history, you’ll need your employer’s name or employer code. Helpfully, this page lets you look that up quite easily (although if you opt to list employers alphabetically by the first letter of the company name, there are so many entries for each letter that I found Equifax’s database simply crashes half the time instead of rendering the entire list).

From there it was simply a matter of going to a page – now missing – and entering your SSN and “PIN,” a term that suggests a degree of security but is actually your eight-digit birthdate. From there, users were shown a full set of salary data.

The Equifax breach shows us a few things but primarily it proves that the systems put in place to protect banks from customers are inefficient and prone to catastrophic failure. While I doubt this will cause a popular uprising and wipe out services like Equifax, here’s hoping that some industrious startup with a quantum encryption scheme and half a brain can figure out a better solution to keeping our financial data secure.