Equifax Made Salary, Work History Available To Anyone With Your SSN and DOB

An anonymous reader quotes a report from KrebsOnSecurity: In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax. At issue is a service provided by Equifax's TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.

The homepage for this Equifax service wants to assure visitors that "Your personal information is protected." "With your consent your personal data can be retrieved only by credentialed verifiers," Equifax assures us, referring mainly to banks and other entities that request salary data for purposes of setting credit limits. Sadly, this isn't anywhere near true because most employers who contribute data to The Work Number -- including Fortune 100 firms, government agencies and universities -- rely on horribly weak authentication for access to the information.

Why does this matter?

[Mogusha]

This only gives a person's work history? Far less of an issue than getting a loan in another person's name. Unless someone can show me a hack that makes use of this information that's worse than getting a credit line... Many places are also making a switch to transparent salaries anyway. Again, why is this a big deal?

Re:Why does this matter?

"many places"??? FUCK YOU. Who wants to share their salary? So that they can screw you up when you lose a job and have to find another?

Re:Why does this matter?

If you are a criminal deciding who to steal from, or who's relatives to kidnap for ransom, wouldn't you like a big list of everybody's salaries?

Re:Why does this matter?

Why don't you post your full name, company you work for, and your salary here then? How about when you apply for your next job why don't you tell them before negotiations begin what you make now?

Re: Why does this matter?

You've been watching too many movies.

Re:Why does this matter?

[mark-t]

If you weren't making enough at your previous job to meet your expectations, then why did you stay it at it long enough that it would even be an issue? If you were making good money for what you were doing, and are applying for a similar role, it's fair to mention, when answering a question about your previous salary, that you'd expect to be making about the same amount. If the job entails more responsibilities, then it's fair to instead say you'd expect to be making somewhat more than what you were making before because of that.

It's my experience, however, that most people who are reluctant to share their previous salaries either don't have enough self confidence to believe they are worth as much as what they believe the job they are applying for should reasonably pay (which tells the employer they could probably underpay them anways), or else they have unrealistic ideas about what their skills are actually even worth, which means they wouldn't be satisfied with a reasonable offer anyways so the company is probably better off hiring someone else.

Re:Why does this matter?

[Arzaboa]

Or when you started off with a low salary, and employers thought it was up to them to keep your salary "reasonable" for the sake of you blowing all that extra cash.

Re: Why does this matter?

Actually. Itâ(TM)s a push for gender equality. I even remember a law being proposed making it a requirement that all employees pay was made public.

Re:Why does this matter?

[Alain+Williams]

This only gives a person's work history? ..... Again, why is this a big deal?

The point is that this results in an uneven playing field when negotiating salary. The company knows what you are earning and can make an offer close to that. You do not know what the company is prepared to pay (eg: average of those doing a similar job at the company). The potential employee is thus at a negotiating disadvantage.

Knowing the average industry salary for the job that you are seeking does not give equal negotiating power. If you are currently being paid less than the average you could find yourself in a place that is hard to get out of.

Re:Why does this matter?

[geekmux]

This only gives a person's work history? Far less of an issue than getting a loan in another person's name. Unless someone can show me a hack that makes use of this information that's worse than getting a credit line... Many places are also making a switch to transparent salaries anyway. Again, why is this a big deal?

Many places? Please, feel free to elaborate with a list of the 0.001% of companies doing this.

Re:Why does this matter?

[Bert64]

No, because the best targets of kidnapping or theft are those who are so rich they don't need to draw a salary.

Re:Why does this matter?

[Bert64]

Depends on the nature of the job, if your skills are in demand and your relatively content in your existing position then it lets companies know they have to offer a significant premium in order to tempt you away.

I get headhunters contact me all the time offering *LESS* than i'm currently on, to do the same job under less convenient/flexible conditions.

Re:Why does this matter?

It's my experience, however, that most people who are reluctant to share their previous salaries either don't have enough self confidence to believe they are worth as much as what they believe the job they are applying for should reasonably pay (which tells the employer they could probably underpay them anways), or else they have unrealistic ideas about what their skills are actually even worth, which means they wouldn't be satisfied with a reasonable offer anyways so the company is probably better off hiring someone else.

I think you've omitted a scenario that would cover a heck of a lot of people:
an employee outgrows their current position and applies for a job that *should* pay much, much better.

Of course, a prospective employer would love to know the applicant's previous pay so that can offer a minimal pay rise as enticement.

Just imagine the reverse:
within every job ad companies having to include the maximum they're willing to pay for each position.

Re:Why does this matter?

[mark-t]

I think you've omitted a scenario that would cover a heck of a lot of people: an employee outgrows their current position and applies for a job that *should* pay much, much better.

And what does that have to do with bieng reluctant to disclose their previous salary? As I said, if the job they are applying for has more responsibilities, it's fair to mention that almost immediately in the context of discussing your previous salary. Also, what you are saying is strongly indicative of lacking the confidence in one's own abilities and skills to realize they may actually be worth what they expect the position they are applying for could actually pay.

Re:Why does this matter?

You missed that point by a mile....

In the extreme, the collective employment profile for half of all working Americans is now available, at presumably, a well structured and searchable database, or, got forbid, a single excel file.

THAT ANYONE, by presumably, legal, illegal means, for corporate or small business, could get there hands on, IF they really wanted to.

And you think the 'nature of the job' is the only thing determining your bargaining position in this scenario?

Re:Why does this matter?

[ichimunki]

And it is my experience that employers who ask for previous salaries during the hiring process are looking to use that information against applicants and are probably crappy places to work. I'll share my previous salary history with a potential employer just as soon as the employer is willing to tell me the exact range they have available for the open position and the salaries of everyone else on the team by job title.

Re:Why does this matter?

[netizen_james]

Why does it matter that hackers were able to get MILLIONS of SSNs and DOBs from Equifax using Equifax's horribly lax security? What does it matter that this same company was just given a HUGE contract by the IRS, even in light of their horrendously horrible security practices? Really? The point of TALX's The Work Number product was to save subscribers (e.g. WalMart and Target) time and money by not having to call previous employers in order to catch applicants who might by exaggerating their work or salary history. That's all. Nothing else. N_J

Re: Why does this matter?

lurn 2 smart quots

Re: Why does this matter?

that goes for slashdot too.

Re: Why does this matter?

[Mogusha]

I'm curious then, how many people are giving their potential employers their SSN and DOB before actually having the job?

Re:Why does this matter?

[Rob+Y.]

Typical SlashDot nerd response. "I'm so smart and good at what I do that I don't care about things that might be threatening to the rest of you mere mortals. No skin off my ass".

This story was about a company lying about how well they protect the data they gather - and then giving much of it away to anyone who asks. That should be alarming to anybody - even you self-identified tech gods.

Re:Why does this matter?

[ichimunki]

It's not about lacking confidence in one's abilities and skills. It's about negotiating leverage and wasting time. If I am expecting a big bump from what looks like a promotion to me, giving the potential employer the information about my current salary is just giving them a reason to low-ball me and now I have to go through this whole ordeal of negotiating and convincing them that I deserve more. That is a waste of time.

Not that they ever will, but if the employer simply disclosed the range up front, they could save all of us a lot of time-- a lot more time than if I tell all my potential employers what I make now or have made in the past. This is because I have a minimum I require to even consider a job change lateral, let alone a promotion worth taking the risk and effort of applying. If I know up-front that they can't afford me, then I can just skip them, rather than going through a whole song and dance just to find out they are offering short money. And if I know that the job pays a good deal more than I currently make, then I have the incentive I need to understand what they are looking for, make sure I am a fit, and spend the time necessary to convince them of it.

My current salary is totally irrelevant except as a minimum and me giving it out first is backwards. This is like playing poker against a table of people who hold their cards close, but my cards are face-up on the table. Not good odds. Furthermore, if everyone applying for the job is disclosing salary to the employer, they can use that to help them pick the lower paid of two seemingly equal candidates, rather than taking the time to discern which person might truly be the best fit on other measures.

Re: Why does this matter?

Interesting, I've read that for the goal of gender equality, some companies (Google, IIRC) never ask for the previous salary, because they don't want to incorporate and perpetuate previous gender disparities.

Re:Why does this matter?

I'm ok with giving my salary to the company, provided that they also share what they were paying the last guy.

Re:Why does this matter?

[houghi]

When asked how much I made in a previous job, my answer always was: That is irrelevant. What I am interested in is in if we are can get to an agreement to the job I am going to do here.
Those that would find that an issue would not be companies I wanted to work for anyway.
I sometimes also said no when the offer was not what I wanted. And once I asked for much more details as the pay would have been so high, it would be unrealistic. Asked them it was per month as it was more like I would be looking for per year. They said yes. I said no.

Re:Why does this matter?

[mark-t]

Your position appears to be heavily derived from an innate distrust of an employer to treat their employees or would-be employees fairly. If you expect them to want to underpay you, then why do you think they suddenly wouldn't just because you didn't tell them how much you made at your last job?

Re:Why does this matter?

[Lobachevsky]

It's against the law in NYC for prospective employers to ask for, or require, candidate compensation history. The motivation is that women and minorities are often underpaid and when leaving their salary-biased job for a new one, often this bias carries forward with them if they have to report their past salary, which makes the problem of eliminating wage gaps due to gender or race difficult when the new employer can say "hey, I'm not racist, I just paid him what he was making before.. if his last employer was racist, not my problem!". This will mean interviews will be more in-depth and employers are expected to properly assess your skills and value to the company. Employers will still be allowed to do background checks, so if you got fired for watching porn on your office pc, or for incompetence, then new employers will know about it and can decide not to hire you.

Generally, most people who are "fired" aren't really fired. We use words like "fired" and "laid off" but those are not legal terms. The only legal documents a company can file to terminate your position is "involuntary termination with cause" (you were fired), "involuntary termination without cause" (you were laid off), and "voluntary termination" (you quit). In 99% of the cases where you manager "fires" you, the paperwork they file with the government is "involuntary termination without cause" (you were laid off). People think "laid off" is when 100s are let go and "fired" is when a manager singles you out for removal. That is just a misconception and in the U.S. nearly all involuntary terminations are "without cause". This is because "with cause" is very RISKY for the employer. You can sue them if you disagree with the cause of your termination, seek damages, and reinstatement. You have NO recourse if you terminated "without cause". It's similar to "at-fault" divorce and "no-fault" divorce. Even in cases where a spouse cheats on another, they generally file the paperwork of "no-fault" divorce, because "at-fault" requires you to PROVE they were at fault and is a huge hurdle to pass. If you sucked at your job and were fired, 99% odds are that it was a "without cause" involuntary termination, despite your manager yelling "you're FIRED!" in front of the entire kitchen staff. If you stole money from the company, committed fraud, or sexually harassed colleagues, odds are you were fired "with cause" and additionally criminal charges may be filed. No company with any half-competent lawyer on retainer will ever file a "with cause" termination for an employee being mediocre or bottom performing.

Re:Why does this matter?

[mark-t]

You have NO recourse if you terminated "without cause"

Your recourse is to collect employment insurance benefits that you would otherwise not be able to collect at all.

Re:Why does this matter?

because they wouldn't know how much to underpay me by. if they are thinking of offering 50k but find out i was making 40k in my last job. they might offer me 45k instead of 50k. without that information they probably would have offered 50k.

Re:Why does this matter?

I had one lady tell me that 20k more than I was making was asking too much. So I said "well I like my job let me know what you can do bye"

It felt great when she called me back the next week and said "well it turns out they're willing to pay that" .. I said something like "but of course.. sorry I have a meeting in a minute bye"

Re:Why does this matter?

[mark-t]

That's a lot of supposition you are making.. IF they are thinking.... then they MIGHT.... they *PROBABLY*....

While it's true that your previous salary is going to reflect a baseline for whatever the employer that asks about it is going to offer, it's as unfair for you to assume that that they are necessarily thinking of paying you unfairly for the work that you will be expected to do than for the employer to assume that you would be willing to accept a wage below what is considered fair. If 45K/year is fair, even if the employer *MIGHT* have paid 50k to somebody else, then what's so bad about getting 45K instead of 50k?

Or are you saying that expect that an employer should have to pay you *MORE* than what you should legitimately be entitled to for your work?

Re:Why does this matter?

[ichimunki]

OK. Let's assume they want to pay me fairly. How does knowing my salary history help them do that?

Re:Why does this matter?

[mark-t]

It doesn't... but it doesn't hurt either... I'm not saying you should volunteer the information without being asked, but if they ask, there's no harm in giving that info out as long as they are paying fairly. Sure your previous salary is going to serve as a kind of baseline for whatever the employer is ultimately going to offer, but that doesn't mean the employer is going to want to try and rip you off or take advantage of you.

If you are being paid fairly for the work you are doing, what difference should it make that an employer might have paid you more if they hadn't known how much you made in the past? While I get having more money is nice, it's selfish to expect that an employer should have to pay more than what doing a job is reasonably worth... and if the job *IS* reasonably worth $10k more than what you were making, then if they only offer $5k more, you are in a position to make a reasonable counteroffer. If they aren't going to match that based on what the job duties are reasonably worth, then you wouldn't have been paid fairly by them anyways, even if the subject of your previous salary hadn't ever been brought up.

Re: Why does this matter?

If your tired off these sollicitations, spit on a recruiter at a public event...it worked for me but there is no coming back.

Re:Why does this matter?

[godrik]

Actually if I were a criminal looking for a place to rob or someone to ransom, I would look at estate value more than salaries. And we already pretty much know the value of housing based on public databases.

Re:Why does this matter?

[david_thornley]

Been there, done that. At one company, I agreed on a percent increase over my initial salary (definitely too low) given a promise that my salary would be re-evaluated the next year instead of a percentage applied. I had to remind them of the promise the next year. Least pleasant salary negotiations I've ever been involved in.

Re:Why does this matter?

[david_thornley]

You're assuming an awful lot of rationality there. If I'm worth* $100K, but my previous salary history make it look like $90K would be a significant raise, I'm likely to have to fight my way up to where I should be. Instead of starting with $100K and talking about other things, we're talking about salary right up front.

*Worth is a fuzzy concept here. Just go with me.

Re:Why does this matter?

[david_thornley]

lets companies know they have to offer a significant premium

Which means they're basing their initial offer on your earlier salary, which means if you were underpaid in your last job they'll offer you less than if you were paid fairly.

Re:Why does this matter?

[mark-t]

The point is to know *why* you are worth a certain amount... and if you are offered anything below that, you can objectively present your case on that, and the salary negotiation lasts exactly one exchange. If they do not match it, then they can find somebody else, thank them for taking the time to interview you and move on to the next job interview. You don't have to make it sound like an ultimatum either... as I said, if you are objectively worth $X, you should be able to present that point factually and clearly to a prospective employer. If they won't pay you that amount on some claimed idea that it represents too much of a raise for you, then you know that the employer didn't really believe your objective evaluation on why you were worth that amount in the place, because if they had, they would have agreed to pay it. And if they didn't believe it, then they wouldn't have wanted to pay it even if your previous salary had been high enough that it wouldn't have represented a big raise, and if you actually did get the higher offer, you'd be that much more likely to be the first person on the chopping block to go as soon as any hard times come along because your salary is more than what they really want to pay.

Re:Why does this matter?

[ourlovecanlastforeve]

I know it's difficult to understand for a lot of Slashdot users who live in comfortable $4,000 apartments and walk 30 feet to work or don't even go into work some days because they just don't FEEL like going into work that day but... for most people, the amount they're going to get is not a NEGOTIATION. The employer has a set amount that they've decided they're going to pay you based on your experience and what they have read on your resume, and you either take it or you don't get the job. You don't get to say "well I feel like I should get paid this and this and this because I did this and that" because if you do the employer goes "oh jee what a shame, guess we'll have to hire one of these other 400 people in this massive stack of resumes who have exactly the same experience and skills as you." Most of the time they won't even follow up with you if you make a higher offer for pay, they'll just end the conversation quickly and move on to the next candidate.

/lien bases and calendars

they wont know my DOB or SSN at first because I hid them in alternative calendars and bases

Re:/lien bases and calendars

Sorry, but all your base are belong to us. -Equifax

Remember when?

[whoever57]

Remember when people mocked the credentials of Equifax's former CIO and other people pushed back because many people in the field didn't have traditional background?

Well, it looks like security was a systemic failure at Equifax, so perhaps it's actually time to suggest that someone with a music degree wasn't qualified for the job?

Let's face it: success is defined as no known security breaches, yet, this could be down to luck rather than skill. Either no-one successfully targeted her prior employers or any breaches never became public.

Re:Remember when?

I like the part where there was SEXISM REEEEEEE'ing going on.

Because it was all about gender and not about the fact that a Music major with a pointedly blank job history had no business running security for one of the world's juiciest data targets.

Re:Remember when?

To be fair you don't need a degree in something to be good at it, work history is just as important.

So, would you rather have:

Someone with a music degree but 20 years in the IT industry

Or

Someone with a comp. sci. degree but 20 years in the music industry?

I know which I'd choose. A comp. sci. or similar degree means jack shit if you've never put it into practice.

Re:Remember when?

Equifax wasn't hiring someone straight out of college to be CSO, right? If you have worked in technology more than a few years, then you ought to know some of the best people have varied education backgrounds or even no degree at all. Demonstrated experience usually bests someone coming out of college for senior positions. The person who was CSO somehow managed to accrue work in the security field at a few different companies. Her work experience may have not amazed you or me enough to recommend her for the job, but I doubt her music degree had anything to do with the hiring.

Re:Remember when?

[Rockoon]

To be fair you don't need a degree in something to be good at it

A degree is a better signal of competency than a vagina is.

Re:Remember when?

[AmiMoJo]

Do you have one shred of evidence that she was hired because of her gender? Even the smallest hint?

"His name was James Damore."

Check out his Twitter feed. He's not the martyr you think he is.

Re:Remember when?

a music degree lets them sing a great tune when the shit hits the fan. pretty sound choice, i think.

Re:Remember when?

[The+Cynical+Critic]

The previously mentioned music degree and no previous work history in the industry? Because her since then deleted LinkedIn account didn't show anything IT related between her degree in music composition and being hired as CSO at the company.

Only way this makes any sense is if she's another diversity hire or it's just plain old nepotism (which for some reason nobody has seemed to have even considered so far).

As for Damore, what do you expect when he got this brutally stabbed in the back and misrepresented by the pseudo-progressives of silicon valley and the mainstream media?

Re:Remember when?

[AmiMoJo]

I'm not disagreeing that she doesn't appear qualified, but "diversity hire" is one of the least likely explanations. Nepotism seems far more likely. It's very common at C level.

Check Damore's twitter feed. All the claims that he was only interested in science and reason are undermined by the stuff he has posted since.

Re:Remember when?

I think maybe this extends to other higher up positions too. Why do we have CEO's so incompetent? Maybe because they actually lack the skills to do their job. Or how about the HR people who hired the Music degree person to head up security? You cannot defend hiring a person like that. Had absolutely no qualifications to perform that job. You cannot tell me nobody else applied who had better qualifications then a music degree.

Re: Remember when?

To be fair, he could have become a sexist prick since being jaded. I had an ex-wife that constantly accused me having affairs and it eventually drove me to the point that my field of fucks was so barren that I would have started having them

Re:Remember when?

[msauve]

"The previously mentioned music degree and no previous work history in the industry? Because her since then deleted LinkedIn account didn't show anything IT related between her degree in music composition and being hired as CSO at the company. "

You're making things up. Prior to Equifax, Susan Mauldin spent over 4 years at First Data as Senior Vice President and Chief Security Officer. It's not clear what "industry" you're referring to, but before that she worked for both SunTrust (financial industry) and HP (IT industry).

Re:Remember when?

A degree is neither a necessary nor a sufficient indicator of competency. Lots of people in IT and related fields like Software Engineering have degrees in other fields. Lots of people with IT-related degrees suck at it. Some rather prominent and successful people in the computer worlds have no degree at all.

a better signal of competency than a vagina

Your "vagina" comment is a good signal that posts by "Rockoon" should be ignored.

Re:Remember when?

Regardless of what she did before Equifax it's pretty clear she wasn't qualified for the role.

It's been my experience that there are plenty of people on the management track that advance despite themselves. She appears to have been one of them.

Re:Remember when?

Trump, is that you??? Next, you'll be going off on the sad & failing globalists.

Re:Remember when?

[HiThere]

From when I saw the original reference to those other jobs, it seemed to me that I had no idea what she was doing there...and, IIRC, I suspected that she was a manager.

Considering HP's recent activities I don't consider that a strong recommendation of quality. I don't know SunTrust.

If I were to actually be judging her, I'd need to look a lot deeper, but for a post I'm willing to think she was an incompetent manager who believed that she was competent, and also believed that a good manager can manage anything.

And despite that opinion, I don't believe that a technical degree proves much of anything. It's just that being a job switching manager proves even less.

Re: Remember when?

What you saw as sexism was in fact reversed sexism. The reeeeeeeee wasn't due to the fact that she was a female. It's due to the fact that she was put in that position because she had a vagina, and "muh diversity", and not because she was at all qualified for the position--which is basically a sexist hiring policy, is it not?

Re:Remember when?

So, would you rather have:

Someone with a music degree but 20 years in the IT industry

Or

Someone with a comp. sci. degree but 20 years in the music industry?

False Dichotomy

For CSO of a major corporation that specifically focus on collecting valuable personal information on the entire population? How about FUCK NO to both of those options. Why not someone with a degree in CS, and extensive industry experience preventing exactly this type of breach?

Re:Remember when?

[epine]

Well, it looks like security was a systemic failure at Equifax, so perhaps it's actually time to suggest that someone with a music degree wasn't qualified for the job?

Jaron Lanier

Knuth Discusses Bach, Pipe Organs, And CS

You: I'm not sure about this hire. Are we really, really, really sure he hasn't got a music degree? I smell a rat.

Now go back to your mother's cave, little boy.

Because the music degree itself is not the problem.

Re:Remember when?

[afxgrin]

Diversity hires rarely ever occur at the executive level.

Re:Remember when?

To be fair you don't need a degree in something to be good at it, work history is just as important.

So, would you rather have:

Someone with a music degree but 20 years in the IT industry

Or

Someone with a comp. sci. degree but 20 years in the music industry?

I know which I'd choose. A comp. sci. or similar degree means jack shit if you've never put it into practice.

If we're talking security - neither.

I want someone who knows what they are doing. The two scenarios you listed proves nothing.
Even 20 years in IT Security doesn't mean a competent security worker.

Re:Remember when?

[david_thornley]

Equality isn't when a competent women can get hired on the same basis as a man. It's when an incompetent woman can get hired on the same basis as an incompetent man.

Wait, what?

[SeaFox]

The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it.

What business is it of a potential employer what I was paid by my previous employers? All that does is weaken the applicant's position when it comes time to negotiate a starting salary.

Re:Wait, what?

[Pfhorrest]

That's why employers like that service and provide data to it. Same reason lenders like the basic credit reporting service and provide data to it. So the people in power have numbers to justify keeping you in your place.

Re:Wait, what?

The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it.

What business is it of a potential employer what I was paid by my previous employers? All that does is weaken the applicant's position when it comes time to negotiate a starting salary.

It's not a bug. It's a feature. In fact, it's pretty much the whole point.

Re:Wait, what?

That's essentially what this "service" does - lets employers fuck you in your mouth.

Re:Wait, what?

[mark-t]

It's less of an employer's business and more the business of someone you are getting a loan from or obtaining a line of credit.

Re:Wait, what?

It's less of an employer's business and more the business of someone you are getting a loan from or obtaining a line of credit.

Even then, they should just share your credit score and not any other salary information. If your loan institution wants that you can provide W2 or paystub from your place of employment.

Re:Wait, what?

The service is designed to provide automated employment and income verification for prospective employers..

Sloppy reporting. Here's what FAQ says

What information does a lender or other verifier get from The Work Number®?

The Work Number provides different "types" of verifications for different purposes. For example, if you are looking for a job, your future employer might want to check your past employment while a mortgage lender will typically need to verify your income before giving you a loan. If you apply for public aid from a social service agency, they too will need an enhanced verification. The Work Number can meet each of these needs.

Can just anyone get my income information from The Work Number?

No. You have to give someone authorization to get your income information from the service. There are numerous ways in which you can give someone authorization to access your income information. A few examples - by signing a borrower's authorization form when applying for a loan or by creating a salary key on our service, a one-time electronic signature.

Re:Wait, what?

[mark-t]

Not necessarily.. your credit score is a gross assessment of your general credit risk, but does not tell one anything about your ability to pay back loans of a given size, and while a paystub can confirm to many that you are presently employed, it says absolutely nothing about how long you've actually been employed, and how stable that income actually is.

Re:Wait, what?

Oh, that's ok. I was worried they were after my ass.

Re:Wait, what?

[lucm]

The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it.

What business is it of a potential employer what I was paid by my previous employers? All that does is weaken the applicant's position when it comes time to negotiate a starting salary.

We use this kind of service at the office and it's mostly garbage. The data is not normalized, it's full of arbitrary formats. Some are clearly hourly rates, some are either hourly rates or possibly annual salary in thousands, some use the same lingo as bank account figures like 5FH (5-figure high) or Moderate 6. The end result is that while you may be able to have an idea of what a candidate possibly made at a previous job, you have no easy way to put it in perspective because you can't aggregate shit.

Re:Wait, what?

[lucm]

Not necessarily.. your credit score is a gross assessment of your general credit risk, but does not tell one anything about your ability to pay back loans of a given size, and while a paystub can confirm to many that you are presently employed, it says absolutely nothing about how long you've actually been employed, and how stable that income actually is.

I completely agree, the score doesn't give the whole picture. I've seen records with bankruptcies getting a better score than records with a collection history that had no outstanding balance.

The system is absurd. Years ago, someone I know got a call from Visa asking when her bankruptcy would be finished so they could send her a new card. I couldn't believe it, but now that I've seen my share of credit reports I have no doubt that this happens a lot. Even a history of bad checks barely move the needle.

Re: Wait, what?

[mapkinase]

All that does is weaken the applicant's position when it comes time to negotiate a starting salary.

Yes.

Re: Wait, what?

[Ihlosi]

Yes.

"So you're looking for someone who is smart enough to do this highly-qualified job, yet uninformed enough not realize they are being underpaid?"

Re:Wait, what?

[Rockoon]

One of your mistakes is thinking that that score represents your credit risk in some way.

That score represents how profitable you are to them.

Re:Wait, what?

[AmiMoJo]

You answered your own question there. Employers seem to have an attitude that you shouldn't get a big pay increase because if you were worth that much your previous employer would have paid you more. They also like to pretend it's an indication of market rate.

Of course if it's a massive pay cut that's fine, market rates etc.

The stupid thing is that this just punishes loyalty and encourages people to change jobs every few years just to get salary bumps.

Re:Wait, what?

[houghi]

What business is it to an employer what my credit status is. You can go two times two ways
OMG He has a credit, he will steal.
OMG He has a credit, he will keep his job.
OMG He has no credit, he has no reason to be loyal
OMG He has no credit, he is no liability

That is why in Belgium only credit companies and banks have information to your credit status (as well as the person them selves) and the only info they see is current credits and loans without even the company name and if the person has been behind with payments for more than 3 months. Nobody else will have access to that data.

Re:Wait, what?

If anything there's an systemic incentive for employers to under report salary then.

Re:Wait, what?

[aaarrrgggh]

When I hire, I do want to know people's salary and employment history in detail-- not especially for negotiating compensation, although the most recent salary often gives some indication of where they should be.

The main issue is to understand where their career is going-- are they changing jobs every two years because they were fired, or because they found better jobs? Did they take a year or two off that might be relevant (generally it isn't, but certain other patterns can make it a point of consideration). And, most importantly, did they lie about their job history and position.

We used to get this type of data included in the background checks we performed before offering people a position. Now by law (at least in California) you can't do a background check until someone accepts an offer. Purely anecdotal, but our experience now is that we need to fire a higher percentage of people before their 90 day reviews-- from ~5-10% up to 15-20%.

Re:Wait, what?

No that is the government's job.

Re: Wait, what?

[mapkinase]

There is nothing about not realizing. You see, the best fruit of the progress is so much technological disparity between power and masses that the former could be completely smug about it.

Re:Wait, what?

[Solandri]

That's the problem though. This isn't your secret data. This is data that's shared between you and another party. And the other party is the one opting to share it with the credit agency.

Logically, arguing that the other party shouldn't be allowed to share this info without your permission, is equivalent to arguing that you shouldn't be allowed to write a Yelp review of a restaurant without first getting the restaurant's permission.

Re:Wait, what?

Please explain to me how it is not slander that a job candidate is consistently low-balled by employers because their previous jobs pay was lower than industry standard? Oh, you have to come out and say it with big bold letters? "THIS GUY IS CHEAP!".

I post up on yelp or glass door that your company is crap. You can sue to go through a legal process to "manage your reputation". When do I get the opportunity to correct this information?

Here's the key thing to understand. This entire fiasco is caused by trying to centralize identity. Small banks don't have issued giving out home loans, they can drive down to your place of work and check it out if they want and they know the lay of the land. But a big corp, they don't care. They care about numbers. Hence this company's name. Break up the TBTF banks, things fix themselves.

Re:Wait, what?

I suspect you've never seen a US credit report. Sure it lists how much credit you have and how much of it is being used (these are very different). More importantly, it shows how often you've been late on payments. It is a lost more than "has a credit / has no credit". I have a plenty of credit, but very little of it is being used. I have no late payments on my report at all. These means my credit score is near the top. The only thing I'm dinged on is not having a car loan; I paid cash.

Re:Wait, what?

The people who are applying to you would like to know similar information that you refuse to hand out. Is this position open because you've burned out the previous employees or failed to properly compensate them? Do you have a history of high turnover? Are you an abusive employer?

Re:Wait, what?

Posting as AC to avoid employment headaches as I have worked at companies in this field and know something about credit scores.

Not necessarily.. your credit score is a gross assessment of your general credit risk,

That's not actually true. Its an estimated measure of how much revenue your debt creates. So if you don't pay it back, that's a loss (obviously) but if you do with absurd interest then you actually are a better loan recipient than someone who pays their bills on time. There is also a bit about the amount of time it takes to recoup the original capital. But its not your credit worthiness, that's the real reason why its bad to base other decisions on a credit score.

Re:Wait, what?

[houghi]

And that is stupid as hell. In the US you need credit to have a good credit score. In Belgium they start with your income and then start deducting your POSSIBLE monthly costs.
Say you get 1500EUR. 500EUR will be deducted for cost of living, like food. You ay e.g. 500 for rent. That means you have 500 left to pay for credits and loans. If you open a credit card, the minimal amount you need to pay back is e.g. 100. For your car you need to pay back 300. You bought a TV on credit for 75 per month. That leaves you 25EUR to open a new credit. Want to buy a phone for 30EUR per month on credit? Bzzzzt. Declined.

Another example: You earn 1500 per month. You own your house and it is paid. You do not own a car. You have a TV that you bought on 75EUR per month, so you can easily get that 30EUR phone per month.

Now you did not pay for 3 month that 75EUR because you went on a holiday. You also got a promotion and now earn 10.000EUR per month You are now on the black list and can not buy that 30EUR per month for 3 months on credit phone.

After 1 year of paying the debt it will be removed.

So having LESS credits is better.

Many people who buy a house need to close their credit cards, so they can get the mortage. This because they potentially could use the card and then they potentially could be paying more than what is possible and that is a big no.

So not having a credit is better than having one.

Re:Wait, what?

[david_thornley]

You're talking about measuring ability to pay. That misses the point that two people with the same base financials might have different ideas on paying what they owe. Some people are a lot more careless with their money than others.

The idea is that the creditor wants to know how likely you are to pay what you owe, and therefore the credit agency looks at how well you have paid. The past performance is almost certainly a better guide than simple rules based on salary and assumed expenses.

What about voting history?

What protects voting history exactly? Is there a special law that would stop a data seller like Equifax (or Cambridge Analytica, or Choicepoint) from selling data on voting history? Work history is bad enough, but there does not seem to be privacy laws for anything but medical history.

In theory the voting history is supposed to be secret, but its apparently recorded if you do postal votes.

I notice that data on postal ballot votes was handed over to Trump's "Election Integrity" commission, which in turn contains Hans Von Spakovsky of the Heritage Foundation, a vote suppression specialist. These are the same election databases Russia was trying to hack last year, so I believe its very useful to groups like Heritage Foundation.

So if that data finds its way into a political data mining company, would there be an investigation into the handing over of private data and a prosecution or would be simply be ignored?

Re:What about voting history?

[negRo_slim]

Politics is already eroding slashdot's credibility, stop making it worse, that's what the editors are for.

Re:What about voting history?

[lucm]

So if that data finds its way into a political data mining company, would there be an investigation into the handing over of private data and a prosecution or would be simply be ignored?

The whole vote suppression thing is a hot potato. Suspicious tactics have been used on both sides for a long time; for instance, until his first primaries, Obama consistenly got elected by forcing opponents off the ballot on technicalities. Meanwhile, we can all remember those negative votes for Gore in Florida.

Nobody will open that can of worms.

Re:What about voting history?

[mean+pun]

Politics is already eroding slashdot's credibility, stop making it worse, that's what the editors are for.

Finally somebody is asking some insightful questions, and you complain about politics? Sounds very much like 'LALA I don't want to hear it'.

Re:What about voting history?

[TheCastro1689]

I didn't know that, did some googling, interesting.

Re:What about voting history?

Vote suppression?

The DNC RIGGED their primary, they actually rigged it. Who needs vote suppression when you can decide the outcome and ignore the votes?

Why am I the only one who brings up the DNC RIGGS national elections? You are complaining about someone speeding while ignoring the drunk driver that killed 15 people last week.

Re:What about voting history?

[HiThere]

The thing is, the "political parties" are private organizations. They are under no obligation at all to respect the voters choices. I believe they could have just appointed their selected candidate without ever going to a vote. The purpose of the primary system isn't to select the candidate, it's to drum up support for the candidate. It is *presumed* that they'll want the candidate that can get the most support, but there have been several instances in both parties that show this presumption to be false.

Re:What about voting history?

[lucm]

True, even the GOP tried to bend rules and kill the Trump nomination.

Now we have President Trump (which is hilarious) but at least Clinton is not in a position to use the Army, FBI, CIA and NSA as her personal servants, so we dodged the worst bullet.

Still, it would be nice to have serious candidates in the presidential race once in a while. For instance, a Romney/Sanders race would have been a great opportunity to discuss core issues instead of talking about grabbing pussies or about secretary of states who sent top secret emails over plain smtp using the Exchange server installed in her pantry.

Re:What about voting history?

[david_thornley]

Voting history is public where I live. It's possible to get copies of the signature logs, so people will know whether you voted in a particular election. No records are kept of how you voted. I don't see how people knowing that I voted or not is going to cause any problems.

When is enough, enough?

[Blinkin1200]

When is enough, enough, and the peasants rise with pitchforks, rakes, and torches? (none of those stinking tiki torches though)

Stick a fork in them.

[sconeu]

Time for the corporate death penalty. If "corporations are people", then they can get the death penalty.

Yank their charter. And, if possible, blacklist their CxOs.

Re:Stick a fork in them.

[doctorvo]

If "corporations are people", then they can get the death penalty

Corporations are people in the sense that soylent green is people: they are composed of people. So you are saying that you want to put all the shareholders of a corporation into the electric chair. Doesn't seem like a good idea. In fact, it's exactly the sort of thing that corporations were created to prevent.

Re:Stick a fork in them.

[lucm]

if possible, blacklist their CxOs.

Marissa Mayer made roughly $900,000 for every week she spent at Yahoo, while driving the company into the ground. And yet her name was mentioned as a possible new CEO for Uber.

There's no blacklist for those people

Re:Stick a fork in them.

[AmiMoJo]

Mayer destroyed Yahoo, and is now being considered to destroy Uber. I don't see a down site to this.

Re:Stick a fork in them.

The point he's making is that, through legal trickery, corporations are treated as legal entities just like people. Except when it suits the people who own them; then they mysteriously become collections of people again so that it's hard or impossible to hold them to any normal standard of accountability. To avoid this double standard it should be possible to effectively prevent a company from damaging society any further in the same way that we can lock up criminals. Not that it will ever happen - the "invisible hand" will be trusted to sort it out, safe in the knowledge that the hand is invisible because it's not there.

Re: Stick a fork in them.

Downside is that she will not ruin it fast enough. I could do it twice as fast for the same pay. Hire me.

Re: Stick a fork in them.

[Ogive17]

Oh, I didn't realize Yahoo was have such great success before Meyer.

She didn't drive them into the ground but she also didn't save them.

Re:Stick a fork in them.

Yahoo was dead before Marissa Mayer came along.

The fact that she's a completely worthless tool who just pumped enough stock price to bail out the venture capitalist and investment firms by selling it for something rather than watching it disintegrate into nothingness has nothing to do with if Yahoo was going to survive or not.

Yahoo was already dead.

Mayer did exactly what she was hired to do, sell it before it was a complete and total loss to investors.

She's not a CEO thats good at running a company, she's a CEO that you put in place when you want the company dead with the least amount of pain as possible and a great scapegoat

Re:Stick a fork in them.

[nine-times]

Yahoo was a failing company before Mayer got anywhere near it. She failed to save it. At worst, maybe you could make an argument that she hastened its demise.

At the same time, when a company is on its last leg like that, you only really have two choices:

1) Accept that it's going to fail and try to stretch things out as long as possible.
2) Take a gamble and try to rescue it. If it doesn't work, you may be hastening its demise.

I don't know all the details, so I'm not going to try to argue whether she was a good CEO or bad one, but it's not like Yahoo was a thriving company with a bright future.

Re:Stick a fork in them.

No their is a third choice.
3) Find a way to extract value out of the carcass before the company dies.

There are many ways to do that. One is to sell off company assets, which include IP. Sometimes even just the name of a company is worth enough for another company to buy you out, debt and all. (see Southwestern Bell ne AT&T).
Mayer's job was to extract value out of Yahoo before it became worthless. She succeeded in that. Her job never was to save Yahoo.
Likewise if Uber hires her her job will be to find a way to get value out of Uber for it's investors before regulation catches up to it and kills it.

Re:Stick a fork in them.

Yes, and it's possible that we've taken liability limitation a little too far.

Re:Stick a fork in them.

[HiThere]

Based on various different news reports, I'd say that she was a very bad CEO, but not a truly terrible one. Yahoo was dying, and nobody was going to save it, so she ended up with the job of killing it in the most profitable manner. She killed it in a profitable manner. She hurt more people than she needed to in the process, and she was greedy, but nobody was going to do a job like that for idealistic reasons.

Re:Stick a fork in them.

[nine-times]

Well that raises a question for me: If her job was to kill Yahoo in a profitable manner, and she killed Yahoo in a profitable manner, then was she a bad CEO?

Re:Stick a fork in them.

[HiThere]

She hurt a lot more people than she had to, and she was greedy. So yes, she was a bad CEO.

Re: Stick a fork in them.

[lucm]

Yes she did. Yahoo was struggling but profitable before Mayer.

She sabotaged all the cash cows, like the women website (shine) because she felt it was tacky. She replaced it with immensely expensive bloggers that the usual Yahoo users didn't care about (like Katie Couric) and fancy fashion blogs that she liked but that drove away the millions of loyal users. Ad money dwindled down as she tried to attract sophisticated users that didn't want anything to do with Yahoo and scared away the peasants that were the real customer base but that she didn't like. She was like someone buying a McDonald's franchise and replacing bigmacs with $25 goat cheese paninis, then wondering why both the former customers and the fancy new ones she wanted to attract didn't show up.

She spent 1 BILLION for tumblr, which never paid off. She also made 50+ other acquisitions that went nowhere, see the list here:
https://gizmodo.com/heres-what...

She also antagonized important partners and key internal team members, in part because she was extremely rude (being hours late for meetings with clients, making people beg for meetings in 5-minute increments and making them wait in line in front of her office, etc) and in part because she tried to rebuild a Google team at yahoo but hired all the wrong people, like Henrique De Castro (a 60 million dollars mistake) who himself antagonized everyone.

She also repeatedly botched possible partnerships with media companies and tech companies.

For the record, there's many examples of people who took companies in far more dire situations and turned them around, like Steve Jobs or Alan Mullaly, or even Lou Gerstner back in the 90s. Mayer had no vision, no strategy, and no execution skills, and yet she got paid more than those people.

Re:Stick a fork in them.

[lucm]

She's not a CEO thats good at running a company, she's a CEO that you put in place when you want the company dead with the least amount of pain as possible and a great scapegoat

I see that you buy into the "glass cliff" narrative, but the truth is that no, she wasn't hired to sink the company. She was hired because board members thought that she had played a key role in creating Google and that she could bring some of that magic to Yahoo.

The same board members who hired her tried repeatedly to get rid of her. See this famous letter:
http://www.starboardvalue.com/...

Don't rewrite history. She was given all the money and power she needed, and she failed, full stop.

Re:Stick a fork in them.

[lucm]

I'm not going to try to argue whether she was a good CEO or bad one, but it's not like Yahoo was a thriving company with a bright future.

Yahoo was making a profit between 1 and 4 billions per year, for the 10 years prior to Mayer. Now the company doesn't exist.

Feel free to be nonchalant with billions of dollars, millions of users and tens of thousands of employees if you want, but this was real money for real people, and now it's gone.

Re:Stick a fork in them.

[david_thornley]

The corporate death penalty doesn't change liability limitation. The limitation is that I can lose no more money than I invest in a company. If I buy $10K of it, I can't wind up $20K poorer if it tanks. I can take bigger paper losses, but only if there's paper gains beforehand.

If it were treated as automatic bankruptcy, there's likely to be assets left for the shareholders. Normally, bankruptcy is because a company owes more than it can pay, and so all the assets are taken by categories of higher priority than shareholders (like lenders).

You know it's almost as if

[rsilvergun]

our entire economic system was rigged against the working class. Good thing that would never happen.

Re:You know it's almost as if

This from the guy supporting people who called workers "deplorable"

Good job!

Re:You know it's almost as if

[netizen_james]

No, the people who were calling racist bullies and nazis 'deplorable'.

Re:You know it's almost as if

[david_thornley]

It's almost as if ACs didn't know any history, and had no clue that things change over time.

equality of predation

[Reverend+Green]

Site designed to help capitalists to abuse workers is abused by non-capitalists. I feel profound indifference.

Zzzzp

[Tablizer]

If corporations are people, give that bastard the electric chair.

Technically True...

[nick_davison]

âoeWith your consent your personal data can be retrieved only by credentialed verifiersâ

However, without your consent, weâ(TM)ll share it with anyone that offers us money. And we never seek your consent.

Re: Technically True...

And this coming from someone who posted from an iPhone (or iPad)

Re: Technically True...

Says the anonymous coward who's shit has probably been stolen 10 times over by >.

Re: Technically True...

...by ((insert_Android_malware_here)).

Sloppy rebuttal

[radarskiy]

None of those sections refute anything in the article.

The first section describes what different requestors might want, not what they are limited to getting.

The second section how the requestors access may be authorized, not whether an unauthorized requested is limited in any way.

Note that Krebs actually obtained the information you claim cannot be obtained in this manner.

Re:Sloppy rebuttal

Wasn't trying to refute anything in the article other than the sloppy reporting of what the service was for. Income verification could be provided for prospective employers, but in all likelyhood its main purpose is for obtaining loans, or receiving some form of financial aid. And it was sloppy because it obviously lead to confused questions about potential employers getting access to your income info. They only would get that if you let them have it.

But since you mention it, there is no way that Krebs or whoever wrote this article could possibly support the allegation that the "vast majority" of PINS are simply the birthdate, or the userid are mostly SSNs. Remember this service is used by thousands of businesses and state and local governments with millions of employee information on files. It's simply not possible to just pick a random employee, match him to his employer by either name or employer ID code, know the employee ID and know his birthday to try as a PIN. No, either the author was working off a stolen copy of the database, or simply exaggerating about the defaults. In order to get the information, you still have to know the employee's ID within the company (could be SSN, could be internal ID number), the company they work for, or employer code, and the PIN, which is set by the employer, not Equifax. Maybe a number of employers use birthdates, and maybe a number use some other scheme like birthdate+last 4 digits of SSN, or some use zip codes. You only have 3 or 4 shots to input the right information before the system locks you out for a period. It isn't that insecure as the article makes it out to be.

Re:Sloppy rebuttal

[lucm]

it obviously lead to confused questions about potential employers getting access to your income info. They only would get that if you let them have it.

In some industries it's a standard practice. I've worked for a firm that does "sensitive" work for a government agency (at least according to them, if you ask me it was not all that sensitive) and short of a finger up the ass they probed every intimate corner of my life. Background check, salary history, parking tickets, credit cards balance, I even had to get an affidavit from the police station stating that I wasn't the subject of an investigation and that I had no history of public disturbance. Technically I could have said no, but that would have been the same as turning down the job.

Re:Sloppy rebuttal

This is how government authoritarians wish they could treat everybody but a bunch of really annoying worker protections get in their way. Hopefully this will end soon.

So if you are broke and unemployed...

[EzInKy]

...you are golden? Good to know!!

Dox Congress

[Required+Snark]

The only way to wake the government up is to stick a red hot poker up it's collective ass. In this case Congress has spent decades sucking up to self serving business dimwits who think security is a waste of money. The answer: dox every member in Congress, both House and Senate. That would get their attention.

It's not like their info isn't already compromised. Between Equifax and all the other leaks, particularly the Office of Personal Management fiasco, everyone who gets a government paycheck can easily have their identity stolen. It's a dead certainty that both the Russians and the Chinese can impersonate anyone in the government online almost instantly. It's a security nightmare that has been covered up. Showing how completely screwed all our security is would be a public service. It would force government and business to behave responsibly for a change.

The really ballsy move would be to apply for credit cards for all of Congress and then go to Amazon and buy a sex toy packing, one for their office and one for their home. It would be suicidal at the level of Kim Dotcom or Assange, but it would be funny. You could have a great laugh in Gitmo when the FBI is tasering your eyeballs.

Re:Dox Congress

They would rather distract you from that by bringing up football players taking a knee or confederate monuments then dare confront their corporate masters.

Re:Dox Congress

Bread and circuses then, without the bread?

Re: Dox Congress

They forgot the bread...that explain why the man cannot impose more than the partial Totalitarismes we currently have in Occident

just make it public already

[doctorvo]

Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans

Sweden makes tax returns public with no apparent ill effect. The US already makes real estate values, ownership, and taxes public, and we should do the same thing for income tax returns.

Re:just make it public already

[belthize]

Agreed. The problem isn't public access to information it's limited private access to information. Some of the comments above about corporations using the information as leverage are missing the point. The leverage doesn't extend from their access to the information, it extends from their unique access which the employee doesn't have.

Re:just make it public already

Sweden also has a rational worker protection system and isn't an economic titan. You can't just copy/paste policy onto the US without the infrastructure and culture that makes it work and expect the same results.

Re:just make it public already

Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans

Sweden makes tax returns public with no apparent ill effect. The US already makes real estate values, ownership, and taxes public, and we should do the same thing for income tax returns.

Kidnapping of the well-off is already endemic south of the border. How things work in the US is very diffferent from how it works in Nordic countries near the Arctic circle. Publicizing tax returns, because it seems to have little ill effect in a low-crime homogeneous Nordic state, does not mean it will have no effect here, other than gratifying busybodies, employers and kidnappers.

If the government wishes to release summaries of anonymized data, I'd have no issue with that.

Re:just make it public already

[PPH]

Just another reason to be a sole proprietor/contractor. Who else did I or do I work for? Sorry, that's privileged information. How much did I or do I earn? That varies, sometimes by an order magnitude. Do you really want to pay my top rate when I might be negotiating a lower one with you just to do some interesting work.

And 'work history' is also a tool of corporate espionage. When you are a key person in an industry, who you are working with will give competitors an idea about new products and strategic decision making.

Re:just make it public already

[godrik]

And 'work history' is also a tool of corporate espionage. When you are a key person in an industry, who you are working with will give competitors an idea about new products and strategic decision making.

Interesting, I never thought of that. Though for most employment/global statistics usage, history 2 years back might just be good enough.

Re:just make it public already

[doctorvo]

Just another reason to be a sole proprietor/contractor. Who else did I or do I work for? Sorry, that's privileged information.

Not if your tax returns were public.

And 'work history' is also a tool of corporate espionage.

By definition, obtaining government-published data is not "corporate espionage".

When you are a key person in an industry, who you are working with will give competitors an idea about new products and strategic decision making.

And the problem with that would be... ?

Re:just make it public already

[PPH]

Not if your tax returns were public.

I'll incorporate overseas in a country with strict privacy laws.

By definition, obtaining government-published data is not "corporate espionage".

My companies' government won't publish data.

Re:just make it public already

[doctorvo]

Well, the fact that you throw a hissy fit over publishing your salary doesn't amount to a rational, convincing argument against such a policy.

No more tricks for us.

Years ago in order to get a job, I took a pretty low starting salary.

I moved to another job after a couple of years because that company treated us like shit.

Anyway, upon looking for another job, I find out that I was being paid about a third less than my peers.

When I told my real salary to the recruiter and that I wanted to be paid the same as my peers - same experience and skills - I was told that I was being unreasonable to expect an employer to give me that much of a raise. She found me something and the employer offered me a $5,000 increase - but I'd still be paid WAAYYYY less than my peers. I rejected it and the recruiter seeing her commission evaporate became a real bitch. (recruiters work for the EMPLOYER NOT FOR YOU! If you think they are your friend, you are naive.)

I ignored her calls and found another recruiter (they grow on trees) and lied about my current pay at the time. Can't do that anymore.

Seriously? They charge market prices for their products. We are not allowed to do the same?

And this shit of kids who get out of college in bad times will be paid less for the rest of their lives? Just because they were unlucky enough to get out of school during a recession?

This system is fucked and rigged against us.

...What?

The Work Number is used to automate employment verification. The company doesn't just make it available, companies have to sign up and pay for The Work Number. Every time a company uses The Work Number, the person/entity requesting the verification has to pay for it.

They usually only give you dates of employment and position, in order to get salary information there's a whole process and it would be EXTREMELY easy to find out who requested the information.

How I know this: I do background screenings for a living.

The problem isn't the information but asymmetry

The status quo of only the employer (or someone having the right personal info) being able to find out what you make is lopsided in favor of companies. They have a bigger data set on what a given role pays than the applicant.

Since the data is now easily accessible to anyone who is looking to commit a crime, maybe it's time for the data to just be out there for anyone. At least that way, employees could get known accurate data on how their salary stacks up in the market instead of relying on the self reporting of others.

Oh My God...

People are losing their heads over this. The Work Number is only one of the services that do this, but because it's owned by Equifax (Apparently), everyone's freaking out about it. To look up a record on The Work Number costs money, and the only thing they're doing is providing a service. Large companies (Such as Wal-Mart) use the work number to streamline their employment verification process so they don't have to deal with it on the day the day.

Hell, Robert Half has their OWN version of this, and it requires less money, less information, and is FREE and it does the same thing The Work Number does for anyone that's ever worked with Half and Half.

There's also Thomas and Company, U-Confirm, and many many many others.

Any time you have a background check and list your former employers (or DON'T list your former employers) - The Work Number is probably used to check and make sure the information you provided is correct.

How I know: I do background screenings.

This really means nothing to me

I'm a state government employee. My pay and benefits information is available for the general public to look up with just my name.

The CIO was a scarecrow. Always was.

The CIO was a scarecrow. Always was.

Good operational security is more important than fall guys.

Re:The CIO was a scarecrow. Always was.

[chihowa]

That's just as big of a failure. A good fall guy is at least convincing and allows you to claim that you were taking matters seriously. If your fall guy is obviously unqualified, all of the responsibility gets shifted back to you for choosing somebody that is clearly not fit for the role.

They failed at having good operational security and at picking effective fall guys/gals.

This has been a problem since at least 2013

Discovered and reported to them in 4Q13. Their response: "Yeah it's not a problem." Our response: "GTFO."

This is true but she is still a PHB

[i286NiNJA]

Being someone who said she was clearly not real infosec material it's satisfying to see more and more complete data come out that confirms my intuition. It's not the music degree.. it's the whole package.

Those were shitty low energy dried out turds of companies during the years she worked there. Equifax's CEO described the company as a culture of tenure and mediocrity, so with a history like that sidestepping into a CISO role where she could cyber-this and cyber that until a better C-level position opened up was a natural fit for her.

Too bad for her the inevitable shit hit the fan while she was in the hotseat, stories are coming out that everyone knew it would happen eventually. She was exactly as competent as they needed her to be.

How bad does she have to be?

Before people stop falling over themselves to defend her?
She could have EE/CS undergrad with a MBA and she still sucks. She is not mudge or the wizard at your work who dropped out of highschool she is a Pointy Haired Bastard and she would probably not piss on you to put you out.

May i remind you that equifax is now saying this breach is the fault of one single engineer... not a C-level executive. She would have roasted you to save toilet paper.

I think you're manic

This post barely makes any sense, yes people will try to pay the least they can for things right up to stealing them. Since they benefit from keeping their money it's reasonable and prudent to assume so in most transactions.
It's also wise to wave away any insinuation that you're being unreasonable by asking for more.

Surprise surprise I find that I usually make a little more than my co-workers in the same position wherever I work.. because I don't talk no for an answer.

Re:I think you're manic

[mark-t]

.... because I don't talk no for an answer.

Then telling them that an offer that they make which might be only slightly more than your previous salary and less than what you were hoping for shouldn't be a problem for you, should it?

I earned this attitude

Not by being the smartest, most productive, or anything like that.

But because I got fucked in the ass by society until I went from janitor, the military (janitor pt2 with bullets) skip a few and then a respectable engineering position. I know exactly how much people will take advantage of each other because it's so apparent when you start from low places. The worst part is that I could walk up to my 18 year old self and skipped half that shit, it was just that I was surrounded by people who actively interfered with my success in order to use me for menial tasks, not even because I was good at them... but because it would have been a pain to replace me. Willing to throw away a promising young man's life to avoid the hassle of doing some interviews!

Now I act like a smug prick when I deal with certain people, recruiters, hr, etc my reward is a chill office, high pay, and get this... a boss who actively makes sure I'm enhancing my career. I don't act like a smug prick to my boss and co-workers though.

Totally illegal in most countries

[aberglas]

Certainly Australia. No way salary let alone detailed credit history can be accumulated by a private company and sold.

Mind you, we became a bit more like the US recently (2014) with watering down of these laws with no good reason and far too little debate.