Comcast Website Flaws Exposed SSNs, Home Addresses

Status
Not open for further replies.

stdragon

Admirable


Using them to validate the caller is who they say they are. You know, using SSNs explicitly in a way that it wasn't intended to be used for.

They should be asking for the DL (driver's license) number instead if anything.
 
Comcast uses SSN to establish credit before they hand you a bunch of equipment. But it's BS. Their equipment isn't that expensive. It's a huge money maker for them.
I also believe Congress was floating bills in committee (laws not voted on yet) preventing 3rd party companies from using SSNs as identification due to data leaks like this.

There was surprisingly big push-back by the industry on this.
 


Not surprising at all. The SSN is the only thing even close to a national ID number for US Citizens. If Congress wants businesses to stop using SSN to help tell John Smith #1 and John Smith #3678 apart from each other they need to roll out a real national ID number.
 


Except only people who go out of their way to get a passport get a passport number. Which means that the vast bulk of Americans don't have one.
 

stdragon

Admirable


That's a valid counterargument, sure.

The real irony is that in the state of Texas, you can get a Texas ID card which is basically a Texas DL card, sans the ability to drive. But if you look at their registration process, you're required to provide... *drum roll*... an SSN number!

https://www.dps.texas.gov/DriverLicense/applyforID.htm

So basically, the SSN that was explicitly stated to not be a national ID, is in fact a de facto national ID.
 


It gets even worse when you consider the fact that Medicare/Medicaid, both federal programs, also used the SSN as their way to ID people. Heck, up until last year Medicare was actually printing people's SSN on their Medicare cards.
 
Law should set a dollar amount for lost data. Lose a SIN? It'll probably cost the government several thousand to get all that stuff rectified.... so, $1200 a SIN?

That'd make this breach cost.... well, no figure in the article, but probably a lot. Maybe if IT had a definite amount to point to for costs if they don't get to do their job properly, we'd get better IT compensation and consideration.
 