363

Scary AT&T breach leaks up to 70 million Social Security numbers to the dark web (www.macworld.com)

submitted 5 months ago by catculation@lemmy.zip to c/privacy@lemmy.ml

92 comments fedilink hide all child comments

cross-posted from: https://lemmy.world/post/13810367

you are viewing a single comment's thread
view the rest of the comments

[-] onlinepersona@programming.dev 11 points 5 months ago

I keep reading "social security number", but still don't understand why it's possible to steal a person's identity with their SSN. Is that all that's required for identification? Some number?

[-] miracleorange@beehaw.org 7 points 5 months ago

Basically. It wasn't meant to act as an identification, but people kept using it that way (probably because every citizen gets one at birth, so it's the easiest proof of citizenship).

[-] FenrirIII@lemmy.world 6 points 5 months ago

It's a key component. You need other information, but the SSN is supposed to be secret.

[-] Syn_Attck@lemmy.today 14 points 5 months ago

State-assigned unchangeable passwords that you hand out to 20-100 companies throughout your life (every job, every loan, every credit card, every financial account, every background check, every...)

This was 70 million people in 1 breach.

Keep in mind there are only 340 million people in the US, many of which are under 18.

We need a better system.

https://en.m.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China's Ministry of State Security spy agency.

In June 2015, OPM announced that it had been the target of a data breach targeting personnel records.[1] Approximately 22.1 million records were affected, including records related to government employees, other people who had undergone background checks, and their friends and family.[2][3] One of the largest breaches of government data in U.S. history,[1] information that was obtained and exfiltrated in the breach[4] included personally identifiable information such as Social Security numbers,[5] as well as names, dates and places of birth, and addresses.[6] State-sponsored hackers working on behalf of the Chinese government carried out the attack.[4][7]

The data breach consisted of two separate, but linked, attacks.[8] It is unclear when the first attack occurred but the second attack happened on May 7, 2014, when attackers posed as an employee of KeyPoint Government Solutions, a subcontracting company. The first attack was discovered March 20, 2014, but the second attack was not discovered until April 15, 2015.[8] In the aftermath of the event, Katherine Archuleta, the director of OPM, and the CIO, Donna Seymour, resigned.[9]

[-] possiblylinux127@lemmy.zip 1 points 5 months ago

Wasn't it India that leaked all of its citizens data?

[-] Aquila@sh.itjust.works 4 points 5 months ago

Getting names, emails, addresses, etc is pretty available. If you can link those up + an SSN you can open accounts pretty easily

[-] onlinepersona@programming.dev 1 points 5 months ago* (last edited 5 months ago)

Damn... that seems like a pretty bad system. Have there not been attempts to remedy that?

CC BY-NC-SA 4.0

this post was submitted on 02 Apr 2024

363 points (99.5% liked)

Privacy

31373 readers

415 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS