Slashdot Mirror

← Back to Stories (view on slashdot.org)

100,000 More Social Security Numbers Exposed

Posted by Zonk on from the that-why-we-use-these-password-things dept.

ThinkComp writes "PayMaxx, Inc. is a web-based payroll processing company, and they recently notified me that my on-line form W-2 was available. And so it was, along with the W-2 (including SSN and salary data) of every other one-time PayMaxx customer dating back at least five years, possibly 100,000 in all. Through news.com, PayMaxx reports, 'PayMaxx has made and continues to make every effort to secure its system against any breach,' which is why part of their site has been down now for several days."

2 of 325 comments (clear)

  1. As this becomes commonplace... by Anonymous Coward · · Score: 5, Interesting

    You know, the more of this I see, the more annoyed I become.

    We're taking the wrong tack here... the problem isn't that SSNs and CC#s are so insecure - the problem is that we have become so dependent upon just one or two pieces of information that identity theft has to defeat only one or two "choke points" to screw us.

    Instead of improving security at the choke points - which will always be under heavy attack - why not make identity theft harder by multiplying the potential number of choke points? If someone has to have, say, my Driver's License, Passport, Social Security Number, Credit Card Number, "Personal ID Password" and, say, a "Counter-Identity-Theft Number" suddenly ID theft becomes a heck of a lot harder.

    Seriously... are we burying our heads in the sand and attacking the wrong thing here?

    --AC

  2. Sophisticated and determined??? by Weaselmancer · · Score: 5, Interesting

    From the article:

    "No system in the world is 100 percent secure from a sophisticated and determined hacker," the Tennessee-based payroll company said in a statement sent to CNET News.com

    And...

    Greenspan, a former PayMaxx customer, said he discovered the alleged problems in the company's system more than two weeks ago, after he received notification from the company that his W-2 tax form was available online for download and printing. The link to access the W-2 included an ID number, and he wondered whether the company had protected against an obvious security problem: adding one to the ID number to get the next form.

    Instead of being denied access, Greenspan found that another person's W-2 was downloaded and readable. Sequential, rather than randomized, ID numbers made it easy to call up numerous customers' data.

    Sophisticated and determined my ass!!

    --
    Weaselmancer
    rediculous.