Equifax Made Salary, Work History Available To Anyone With Your SSN and DOB

An anonymous reader quotes a report from KrebsOnSecurity: In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax. At issue is a service provided by Equifax's TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.

The homepage for this Equifax service wants to assure visitors that "Your personal information is protected." "With your consent your personal data can be retrieved only by credentialed verifiers," Equifax assures us, referring mainly to banks and other entities that request salary data for purposes of setting credit limits. Sadly, this isn't anywhere near true because most employers who contribute data to The Work Number -- including Fortune 100 firms, government agencies and universities -- rely on horribly weak authentication for access to the information.

Re:Why does this matter?

"many places"??? FUCK YOU. Who wants to share their salary? So that they can screw you up when you lose a job and have to find another?

Wait, what?

[SeaFox]

The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it.

What business is it of a potential employer what I was paid by my previous employers? All that does is weaken the applicant's position when it comes time to negotiate a starting salary.

Re:Wait, what?

[Pfhorrest]

That's why employers like that service and provide data to it. Same reason lenders like the basic credit reporting service and provide data to it. So the people in power have numbers to justify keeping you in your place.

Re:Wait, what?

The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it.

What business is it of a potential employer what I was paid by my previous employers? All that does is weaken the applicant's position when it comes time to negotiate a starting salary.

It's not a bug. It's a feature. In fact, it's pretty much the whole point.

Re:Why does this matter?

If you are a criminal deciding who to steal from, or who's relatives to kidnap for ransom, wouldn't you like a big list of everybody's salaries?

You know it's almost as if

[rsilvergun]

our entire economic system was rigged against the working class. Good thing that would never happen.

Re:Why does this matter?

[mark-t]

If you weren't making enough at your previous job to meet your expectations, then why did you stay it at it long enough that it would even be an issue? If you were making good money for what you were doing, and are applying for a similar role, it's fair to mention, when answering a question about your previous salary, that you'd expect to be making about the same amount. If the job entails more responsibilities, then it's fair to instead say you'd expect to be making somewhat more than what you were making before because of that.

It's my experience, however, that most people who are reluctant to share their previous salaries either don't have enough self confidence to believe they are worth as much as what they believe the job they are applying for should reasonably pay (which tells the employer they could probably underpay them anways), or else they have unrealistic ideas about what their skills are actually even worth, which means they wouldn't be satisfied with a reasonable offer anyways so the company is probably better off hiring someone else.

Dox Congress

[Required+Snark]

The only way to wake the government up is to stick a red hot poker up it's collective ass. In this case Congress has spent decades sucking up to self serving business dimwits who think security is a waste of money. The answer: dox every member in Congress, both House and Senate. That would get their attention.

It's not like their info isn't already compromised. Between Equifax and all the other leaks, particularly the Office of Personal Management fiasco, everyone who gets a government paycheck can easily have their identity stolen. It's a dead certainty that both the Russians and the Chinese can impersonate anyone in the government online almost instantly. It's a security nightmare that has been covered up. Showing how completely screwed all our security is would be a public service. It would force government and business to behave responsibly for a change.

The really ballsy move would be to apply for credit cards for all of Congress and then go to Amazon and buy a sex toy packing, one for their office and one for their home. It would be suicidal at the level of Kim Dotcom or Assange, but it would be funny. You could have a great laugh in Gitmo when the FBI is tasering your eyeballs.

Re:Stick a fork in them.

[lucm]

if possible, blacklist their CxOs.

Marissa Mayer made roughly $900,000 for every week she spent at Yahoo, while driving the company into the ground. And yet her name was mentioned as a possible new CEO for Uber.

There's no blacklist for those people

Re:Remember when?

To be fair you don't need a degree in something to be good at it, work history is just as important.

So, would you rather have:

Someone with a music degree but 20 years in the IT industry

Or

Someone with a comp. sci. degree but 20 years in the music industry?

I know which I'd choose. A comp. sci. or similar degree means jack shit if you've never put it into practice.

Re:Why does this matter?

[Alain+Williams]

This only gives a person's work history? ..... Again, why is this a big deal?

The point is that this results in an uneven playing field when negotiating salary. The company knows what you are earning and can make an offer close to that. You do not know what the company is prepared to pay (eg: average of those doing a similar job at the company). The potential employee is thus at a negotiating disadvantage.

Knowing the average industry salary for the job that you are seeking does not give equal negotiating power. If you are currently being paid less than the average you could find yourself in a place that is hard to get out of.

Re:Stick a fork in them.

Yahoo was dead before Marissa Mayer came along.

The fact that she's a completely worthless tool who just pumped enough stock price to bail out the venture capitalist and investment firms by selling it for something rather than watching it disintegrate into nothingness has nothing to do with if Yahoo was going to survive or not.

Yahoo was already dead.

Mayer did exactly what she was hired to do, sell it before it was a complete and total loss to investors.

She's not a CEO thats good at running a company, she's a CEO that you put in place when you want the company dead with the least amount of pain as possible and a great scapegoat