• Melkath@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    I have been informed my SSN, DOB, and payment information have been “compromised” at least 50 times in my life.

    • Izzie🌴@freeradical.zone
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      @rdyoung @catculation

      Exactly what I was going to say. I froze everything after that will keep it frozen forever. So easy to temp thaw when I want to apply for something.

      Big 3 credit bureaus
      Chexsystems for banks
      Lexus Nexus for you know, everything
      And there’s one for utilities too that escapes me at the moment

      Make a social security account if you haven’t already so no one else can

      • d-RLY?@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        What did you do to freeze your stuff? And how do you thaw it for stuff, and how long does it take? I did go ahead and make my My Social Security account after seeing your comment though!

        • Izzie🌴@freeradical.zone
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          @dRLY

          They all have web sites.

          Search Experian +security freeze
          Equifax +security freeze
          TransUnion +security freeze
          Chexsystems +security freeze

          Etc. Note they offer paid things too. But the freezes are free by law.

  • Tire@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Fight Club had it backwards. Instead of attacking the banks to wipe out people’s credit someone should release everyone’s SSN. The mass fraud will make credit useless.

  • Franklin@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Is there any way we could do some sort of certificate based authentication? Instead of a social security number. I know people get really dodgy whenever you talk about ways to identify them but there has to be a better way than this.

    Identity fraud can ruin your life permanently and at this point I’m pretty sure more people have been compromised than haven’t.

      • rdyoung@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        Something like a ssh key or what they are now calling passkeys could work. The question is then who holds the verification database and how do individuals (especially those who can’t turn on their pc) keep their part of the key safe and do we also have some other kind of verification questions like we do now to make sure that it’s the right person when so many small details are shared or similar across people.

          • rdyoung@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            7 months ago

            I know. But we need a system better than what we have. Or a modification of the current system to make it a bit tougher for people to use someone else’s credit. I have a few ideas but they would only work for those of us who can handle the idea of ssh keys, crypto, etc. The average idiot isn’t going to be able to keep easy access to the data they need to prove they are who they say they are. And I’m definitely against going with DNA, fingerprints, facial rec, etc because of where that leads.

            As it stands, way more kids than you may expect grow up to find their credit completely fucked because their parents are assholes. Anyone close enough to you can probably answer most of the questions about where you lived, what car you owned, etc. We need a drastically different system if we want to minimize identity theft but as I said above, the average person can’t handle the ways to do it right.

            In theory it could be based on cryptos open ledger but with encryption instead of being open to the public, accessible only when the person holding the private key unlocks it in conjunction with the public key. Data stored and accessed in a DB that can be hosted anywhere and isn’t under the control of anyone organization or agency.

    • halcyoncmdr@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      Social Security Numbers were never meant to be used for anything other than Social Security itself. Credit agencies use the SSN because they view it as an easy identifier and they didn’t have to create anything themselves.

      • edric@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        It’s ridiculous how something that is supposed to be very confidential and kept private is asked everywhere you need services.

        • PM_Your_Nudes_Please@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          7 months ago

          It was never supposed to be confidential. That need arose as a direct result of using it as an ID. If the SSA was the only organization using the number, (as originally intended,) then it wouldn’t need to be kept confidential.

          But when the SSA gave every single person a unique number, other organizations went “hmm this sure would be convenient for differentiating individuals with similar names and DOBs.” So other organizations started using it for identification, and suddenly you needed to keep the number secret because anyone with your number could ID themselves as you.

          The SSA needs to publish a public database of every single name, DOB, and SSN. Force organizations to figure out a new system of identification, instead of relying on an insecure and outdated system.

  • ares35@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    and this is why i refused to give you my social back when i lived in your service area and had a land line installed.

  • penquin@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Tried to delete my shit from their website, but they make it impossible to do so. I tried for about 20 minutes then eventually the site straight up refused to let me continue. I don’t even have AT&T anymore, I had their cellular back in 2013 and left them then, but the fuckers kept my info in their system this whole fucking time. No accountability for big corporations when they fuck up big like this. If it were one of us peasants, we would have been in prison for life.

      • penquin@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        And that’s a huge problem. Only form of protection I have is freezing my credit with the three credit reporting assholes. I know it’s not much, but at least no one can apply for shit with my social.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          It actually gives you quite a bit of protection. If you don’t have a open credit they can’t open cards in your name.

          Just remember it is frozen

  • onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    I keep reading “social security number”, but still don’t understand why it’s possible to steal a person’s identity with their SSN. Is that all that’s required for identification? Some number?

      • Syn_Attck@lemmy.today
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        State-assigned unchangeable passwords that you hand out to 20-100 companies throughout your life (every job, every loan, every credit card, every financial account, every background check, every…)

        This was 70 million people in 1 breach.

        Keep in mind there are only 340 million people in the US, many of which are under 18.

        We need a better system.

        https://en.m.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

        The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China’s Ministry of State Security spy agency.

        In June 2015, OPM announced that it had been the target of a data breach targeting personnel records.[1] Approximately 22.1 million records were affected, including records related to government employees, other people who had undergone background checks, and their friends and family.[2][3] One of the largest breaches of government data in U.S. history,[1] information that was obtained and exfiltrated in the breach[4] included personally identifiable information such as Social Security numbers,[5] as well as names, dates and places of birth, and addresses.[6] State-sponsored hackers working on behalf of the Chinese government carried out the attack.[4][7]

        The data breach consisted of two separate, but linked, attacks.[8] It is unclear when the first attack occurred but the second attack happened on May 7, 2014, when attackers posed as an employee of KeyPoint Government Solutions, a subcontracting company. The first attack was discovered March 20, 2014, but the second attack was not discovered until April 15, 2015.[8] In the aftermath of the event, Katherine Archuleta, the director of OPM, and the CIO, Donna Seymour, resigned.[9]

    • Aquila@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Getting names, emails, addresses, etc is pretty available. If you can link those up + an SSN you can open accounts pretty easily

    • M. Orange@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Basically. It wasn’t meant to act as an identification, but people kept using it that way (probably because every citizen gets one at birth, so it’s the easiest proof of citizenship).

  • Scolding0513@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    This was probably orchestrated on purpose as part of a long term operation

    The goal would be to make things like this happen over and over and over again so as to eventually get people outraged enough so that they can push for everyone to get on board with CBDCs, forced nerulink implants, digital identity like the EU, and basically anything that helps the government make you a total slave to surveillance and tracking

    It’s another one of those, “it’s for your safety!!!” deals

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      7 months ago

      Or maybe they just need to practice better security. Never assume malice when something can be explained with inconfidence.

      To be fair the threat actors are getting much harder to defend against

      • Scolding0513@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        People must learn to open their eyes. We already know that the government, big tech, and corporations lie all the time. Yet somehow, when I suggest that they are lying, I get told off?? Give me a break.

        I am not assuming, more or less just strongly suggesting. There is a major benefit to the larger agenda here.

        Anyway I’m not frustrated at you, just majority of so-called privacy people who can’t see a bigger picture. Same kind of people that would have torn you to shreds for suggesting some things pre-2014 that Snowden later revealed to be true. Somehow we forgotten about him.

  • umbrella@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    whoopsie doopsie!

    ssns are probsbly useless by this point. cant wait for these people to leak our biometric data next, so we cant even chamge our ‘passwords’ anymore.

    • whotookkarl@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      SSNs are not secure and were never intended to be used that way. Just because companies misuse it for security to cut costs and apply credit ratings we never voted for doesn’t mean we should necessarily punish someone for leaking that data that is already like 99% public data because of all the previous leaks. It would be better if everyone treated it as public data and not some secret identity key. They should be punished for poor security and fix their shit, but SSNs are not private, not intended to be used for identity, and not secure.

    • fluckx@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      I think it’s related maybe to some anti terrorism law? In certain EU countries for example it’s impossible to get an anonymous SIM due to some anti terrorism legislation. SSNs are the only legal identification I guess?

      This is a random guess off the top of my head. IANAL or know anything specific on US law.

    • halcyoncmdr@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      Credit checks.

      Nowadays they offer financing for devices. But even in the past it was required. They would determine the maximum number of lines you had available, and if there were any deposits to open new lines of service. Even before phone financing, those phone contracts came with hundreds of dollars of phone discounts at time of purchase and had hundreds of dollars worth of early termination fees and they want to make sure their customers had a good chance of paying if they left.

      • Specal@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        But there’s no need to store them in what I assume to be plain text, this is negligence

        • FauxPseudo @lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          I don’t remember that being part of the question I was answering. The question was why, not how. So the “But” seems confrontational in this context.

          Is it dumb that they might have been in plain text or something close enough to it that it didn’t matter: of course. But that wasn’t the question.

            • FauxPseudo @lemmy.world
              link
              fedilink
              arrow-up
              0
              ·
              7 months ago

              That’s fine. In the future I’d start with “Also” instead of “But.” It completely changes the tone.

              • candybrie@lemmy.world
                link
                fedilink
                arrow-up
                0
                ·
                7 months ago

                “Also” doesn’t make sense in context.

                I think this miscommunication is more on you for taking it as an attack towards yourself when it was pretty clearly suspicious towards at&t, not you. In the future, I suggest trying to read things as charitably as possible. It will make forums a much more pleasant place if you don’t immediately assume aggression based on pretty innocuous words.

                • FauxPseudo @lemmy.world
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  7 months ago

                  I didn’t see it as an attack. I saw it as very poor communication. “Also” would have worked way better as it would have been a “yes, and” instead of a literal “but.” I’m all about charitable readings. That’s why I didn’t attack them but pointed out their choice in wording. It was, as pointed out, snarky, not defensive.

    • prayer@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Most people get suckered into signing a contract and using a “postpaid” plan, where you get the service for a month and then pay for it. That requires a credit check and credit reporting, since you get the service before payment. You don’t have to give out your SSN if you sign up for “prepaid” cell phone plans, which offer less discounts and benefits but are generally cheaper for the service they provide. The only catch is you pay for the month before you use it, but this makes canceling as easy as stopping payment.

        • prayer@sh.itjust.works
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          The main carriers offer prepaid plans, and there is no postpaid plan that doesn’t throttle speeds after you go over a certain amount when the towers a busy.

      • xthexder@l.sw0.com
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        I’m on a prepaid plan, and got in on a really good deal. They were offering $25/month off indefinitely for signing up for auto-pay (Basically 35% off, lol). It made the plan cheaper and better than most of their monthly plans. I’m happy to know it also saved me from giving out my SSN.