The Impact of The Recent Shadowy Data Breach
The Market Ticker - Commentary on The Capital Markets

2024-08-17 07:35 by Karl Denninger
in Consumer

Well, it's real.

There's a clear conversation we need to have about these so-called "data brokers" in that the concentration is a problem and unlikely to go away without strong legislative action and criminal penalties for breaches.

Civil fines won't do it: first, they'll be dodged, and second, in a breach of this size it doesn't matter how you try to fine someone -- you literally can't fine them enough to compensate for the problem.

This much is clear: If you haven't locked your credit file you had better do so right now.  Go to any of the bureaus, sign in, pass their authentication and then put a freeze on your credit file.  Then repeat at the other two.  The good news is that a number of years ago Congress passed a law to make this free.

That won't stop all of the identity theft game but it will stop a lot of it.

What's in the breach?  Names, physical (home) addresses, in some cases phone numbers and dates of birth and of course social security numbers.  One of the more-common "prove you're real" things is to ask for a former address.  That's now worthless with this file out there as any criminal can get a highly-accurate list of former addresses going back at least 30 years.  Correlation analysis is good enough with a trivial amount of information (e.g. a state you lived in during a given period of time) to "sift" duplicates and thus discern your SSN too among the various records, so SSN + former addresses is no longer of any use in verifying identity.

I cannot verify with any sort of certainty how new the data is (that is, how far back it ends) and it appears these are billing address records.  So no, it's not everyone in the US and everywhere everyone has ever been or lived, but it is a very large set of data including addresses, dates of birth and social security numbers.

This breach is crazy-eyed simply due to its size and how far back it goes.  The OPM breach of a number of years ago was likely far worse simply because that was Federal Government employees that could quite-easily be discerned as to their likely role, and that's bad news from an information security perspective.

The underlying reality of all of this?

IT security at firms and the government alike (as demonstrated by the OPM breach) sucks.

The take-away for ordinary people, to reiterate what I said up above: Set up logins at all three bureaus and place a security freeze on your credit report.  Make absolutely certain the passwords you use for them are both very strong and not used anywhere else (including the other two.)  Why?  Because "verification" in most places, including the credit bureaus, is usually one of address + SSN + phone number/email or similar, and that data is in there.  If you don't have an account set up, someone else can set one up in your name; they can use a different email address to get the verification code and then lock you out of your own credit report and security freeze capacity and/or steal your credit report, which includes unmasked revolving account numbers.  The only defense to that, given the public nature of this data file and what it includes, is to have that set up yourself at the bureaus with a password only you have, which precludes someone else from doing that to you.

One final point: It has come to my attention that there are a few sites out there "offering" to check if you're in this data breach.  Do not, under any circumstances, put personal information into any such site -- nothing, ever, period.  They probably do have the files (as noted this is wildly publicly-available) but doing that is confirming it's accurate, giving whoever owns that site even more correlating information about you and begging for trouble.  Don't do it; just assume you're in there because you probably are.
