Equifax will give your salary history to anyone with your SSN and date of birth


#1

Originally published at: https://boingboing.net/2017/10/10/fucking-muppets.html


#2

Convenient. The site which offers this lookup is “under maintenance” following the Krebs article.


#3

If these companies are to continue to exist, they should be forced to do so as heavily regulated non-profits. Same goes for the bond and equities rating agencies that helped bring us the crash of 2007-2008.


#4

The idea that a single number ban be both used as a proof of identity AND given out to a large number of private entities as a pre-condition for service is a logical fallacy. The sooner it dies, the better.

But how, exactly is Equifax getting your salary history to hand out? THAT is the question here.


#5

Criminals across Russia and Southeast Asia now pity me.


#6

The problem is we can’t seem to decide if a SSN is a username or if it is a password.


#7

I could see employers playing ball for this- if they can contribute to a database that gives a job applicant’s salary history then that’s just that much less leverage that applicant has negotiating an offer, and more leverage they have. Same shit it’s ever been; screw over the worker.


#8

Obviously it’s also a fairly standard metric for assessing loan qualification.


#9

They’re hired by your employer’s HR department so they don’t have to keep taking all those annoying ‘salary verification’ calls.


#10

I wonder what hoops I’d have to go through to get my own salary history from these guys (to find out, for example, if it’s accurate)


#11

I’m guessing they’ve got big fat data pipes from ADP, Paychex, and their ilk. Perhaps lightly obfuscated for compliance, but no doubt easily de-obfuscated too. Just a hunch.


#12


#13

It’s odd that “commercial confidentiality” doesn’t apply here. That’s usually what companies hide behind whenever they are challenged for information like this. But it can be handed over to an unrelated third-party? Quelle surprise.


#14

Good news is that there are so many holes on Equifax that hackers will be busy exploiting so many opportunities instead of hacking somewhere else.


#15

Exactly. I am a few interviews in with a prospective employer and had to fill out the usual battery of employment history and attestations (annoyingly enough though I had already done this at the outset to even apply on their proprietary job site). But in this latest round, the prospective employer’s forms expected the addition of my past salaries/wage rates, with the blanket attestation at the end that all submitted data is correct!

I don’t understand how that’s anyone’s business nor why an applicant should be expected to tie one hand behind their own back simply to have a shot at a job.


#16

The Social Security Administration specifically prohibits the use of the SSN as an identifier or a hidden secret. That’s why the cards have zero security.

Unfortunately, there is no better alternative, so they get used by default.

Think about the alternatives:

  1. Drivers License Number: Millions of Americans don’t drive. Not just children, the elderly, and disabled either. Some just live in cities and don’t own a vehicle.
  2. Name: Tends to change when people are married or sometimes on a whim. Not unique. Error prone.
  3. Date/Time/Place of Birth: Another messy record that attracts errors. Also public knowledge.

This isn’t a completely impossible problem. Some countries have national ID numbers, some of which can even be cryptographically secure. Estonia puts all public information in a block chain for example. I think such a system would receive considerable pushback in the States from privacy minded people as well as people who take an adversarial attitude towards government.


#17

There are crazies who already think having a SSN is the Mark of the Beast.


#18

This topic was automatically closed after 5 days. New replies are no longer allowed.