Comcast Website Flaws Exposed SSNs, Home Addresses

Status
Not open for further replies.

stdragon

Commendable
Apr 5, 2018
1,551
3
1,660
196


Using them to validate the caller is whom they say they are. You know, using SSNs explicitly in a way that it wasn't intended to be used for.

They should be asking for the DL (drivers license) number instead if anything.
 

digitalgriffin

Distinguished
Jan 29, 2008
872
168
19,190
15
Comcast uses SSN to establish credit before they hand you a bunch of equipment. But it's BS. Their equipment isn't that expensive. It's a huge money maker for them.
I also believe Congress was floating bills in committee (laws not voted on yet) preventing 3rd party companies from using SSN's as identification due to data leaks like this.

There was surprisingly big push-back by the industry on this.
 

why_wolf

Honorable


Not surprising at all. The SSN is the only thing even close to a national ID number for US Citizens. If Congress wants businesses to stop using SSN to help tell John Smith #1 and John Smith #3678 apart from each other they need to roll out a real national ID number.
 

why_wolf

Honorable


Except only people who go out of their way to get a passport get a passport number. Which means that the vast bulk of Americans don't have one.
 

stdragon

Commendable
Apr 5, 2018
1,551
3
1,660
196


That a valid counter argument, sure.

The real irony is that in the state of Texas, you can get a Texas ID card which is basically a Texas DL card, sans the ability to drive. But if you look at their registration process, you're required to provide ......*drum roll*....and SSN number!

https://www.dps.texas.gov/DriverLicense/applyforID.htm

So basically, the SSN that was explicitly stated to not be a national ID, is in fact a defacto national ID.
 

why_wolf

Honorable


It gets even worse when you consider the fact that Medicare/Medicaid, both federal programs, also used the SSN as their way to ID people. Heck up until last year Medicare was actually printing peoples SSN on their Medicare cards.
 

canadianvice

Distinguished
Law should set a dollar amount for lost data. Lose a SIN? It'll probably cost the government several thousand to get all that stuff rectified.... so, $1200 a SIN?

That'd make this breach cost.... well, no figure in the article, but probably a lot. Maybe if IT had a definite amount to point to for costs if they don't get to do their job properly, we'd get better IT compensation and consideration.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS