When it comes to data privacy and preventing identity theft, there may be nothing more useless today than an individual’s Social Security Number. The problem has gotten so bad that Adrian Lamo, threat analyst and former hacker, posted a video on YouTube in which he freely gives his own Social Security Number out.
Yet, the number is still widely used as a personal identifier, even though it was originally designed in 1936 as a way to simply track earnings of U.S. workers for Social Security benefits. The vulnerability of this process was underscored last year when an estimated 145.5 million Americans had their SSNs and other personal information stolen as part of the Equifax Inc. breach.
That breach represented a watershed moment in public consciousness surrounding the security, or lack thereof, of personal information. And many victim assistance organizations, such as the Identity Theft Resource Center, felt the brunt of consumer angst.
“It was the largest number of calls we’ve had in a month since we’ve been measuring our call volume,” said Eva Velasquez (pictured), president and chief executive officer of the Identity Theft Resource Center. “People were still very concerned.”
Velasquez visited the set of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during Data Privacy Day in San Francisco, California, and spoke with host Jeff Frick (@JeffFrick). They discussed the impact of the Equifax breach on consumer privacy, rising concern surrounding child identity theft, a continued increase in data compromises, and potential solutions.
This week, theCUBE spotlights Eva Velasquez in our Women in Tech feature.
Experts advise to file taxes early
The theft of so many SSNs last year has led to concerns that the tax filings of U.S. citizens could be impacted as the deadline approaches in mid-April. The problem is that crooks don’t need much more than an SSN to file a bogus tax return. The Identity Theft Resource Center has been advising consumers to file early and beat thieves to the punch.
While credit or identity monitoring services may help prevent additional losses for a consumer, a study by the General Accounting Office published last year found that these services do not typically protect against tax fraud. To make matters worse, a recent report by CNN found that many SSNs are currently available in marketplaces on the dark web. One even touted its wares with the ominous sales pitch, “Get em befor tax seson [sic].”
“For a lot of us in this space, we may be feeling the fatigue more than the average consumer,” said Velasquez in assessing the fallout from the Equifax data theft.
Child identity kits for $300
The loss of protection surrounding so many personal identifying numbers is also raising concerns in the security community around child identity theft. The same CNN report showed that datasets of personal information for infants, complete with date of birth, mother’s maiden name and even an SSN, could be purchased for $300 in bitcoin.
This kind of information is attractive (and valuable) to criminals because it allows them to start with a clean credit history. This can cause real problems when the child reaches an age when he or she attempts to get a credit card or take out a loan.
“You have a four-year-old whose SSN is now having a credit profile built around it,” Velasquez said. “The biggest problem is we really haven’t modernized how we’re authenticating this information and data.”
The Identity Theft Resource Center has been tracking breaches since 2005. Last month, it issued a report that showed there have been 8,200 breaches and more than 1 billion records exposed since the Center began monitoring the statistics. Data breaches reached a new high in 2017 at 1,579.
There is one technology area that could drive these numbers even higher in the coming year, and it’s the “internet of things.’ The number of connected devices on the market is rising rapidly, especially in the home. It’s possible now to connect light bulbs, doorbells, thermostats, kitchen appliances and even pet food dishes.
Each device in the home creates data that is often accessed by the product maker. Hacking that database of information through the company that stores it or at the source could provide criminals with a treasure trove of personally identifying data.
“We have to think about the data that we’re creating that does comprise our identity,” Velasquez said.
Balance between security and convenience
A consumer’s willingness to become more protective of information is often influenced by the need to balance security with convenience. Steps to protect against child identity theft can be taken by directly contacting the three primary credit reporting bureaus — Equifax, TransUnion and Experian — to see if a credit history exists (minors usually do not have one). Or, parents can request the creation of a credit file and then place a freeze on it. But this takes time and effort, including writing and mailing an actual letter with accompanying documents.
Velasquez believes that some technology solutions might tip the scale toward broader consumer acceptance of security controls. Biometrics, for example, which can calibrate the correct angle that someone uses their smartphone or the pressure put on the touchpad, are potential ways that non-invasive technology could make a difference.
“It probably means we’ll have more layers and it won’t be as frictionless for consumers,” Velasquez said.
A number of security professionals believe that sharing breach data between companies could also provide a way to combat the rising tide. Meanwhile, the U.S. government may finally intercede with legislation in Congress to implement tighter cybersecurity controls over credit monitoring agencies. The Data Breach Prevention and Compensation Act of 2018 would, if passed, expand the Federal Trade Commission’s authority over data breaches among credit-reporting firms.
Whether the new law passes or not, Velasquez believes that the fraud and risk industry supports greater exchange of threat and breach information as a way to combat cybercrime. “They definitely want more data sharing,” Velasquez said. “The solution here is to actually share data; it’s to share it more.”
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Data Privacy Day.
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.
The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE— take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE: