Equifax Made Salary, Work History Available To Anyone With Your SSN and DOB (krebsonsecurity.com)
An anonymous reader quotes a report from KrebsOnSecurity: In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax. At issue is a service provided by Equifax's TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.
The homepage for this Equifax service wants to assure visitors that "Your personal information is protected." "With your consent your personal data can be retrieved only by credentialed verifiers," Equifax assures us, referring mainly to banks and other entities that request salary data for purposes of setting credit limits. Sadly, this isn't anywhere near true because most employers who contribute data to The Work Number -- including Fortune 100 firms, government agencies and universities -- rely on horribly weak authentication for access to the information.
Remember when people mocked the credentials of Equifax's former CIO and other people pushed back because many people in the field didn't have a traditional background?
Well, it looks like security was a systemic failure at Equifax, so perhaps it's actually time to suggest that someone with a music degree wasn't qualified for the job?
Let's face it: success is defined as no known security breaches, yet, this could be down to luck rather than skill. Either no-one successfully targeted her prior employers or any breaches never became public.
The real "Libtards" are the Libertarians!
"many places"??? FUCK YOU. Who wants to share their salary? So that they can screw you up when you lose a job and have to find another?
What business is it of a potential employer what I was paid by my previous employers? All that does is weaken the applicant's position when it comes time to negotiate a starting salary.
If you are a criminal deciding who to steal from, or whose relatives to kidnap for ransom, wouldn't you like a big list of everybody's salaries?
When is enough, enough, and the peasants rise with pitchforks, rakes, and torches? (none of those stinking tiki torches though)
Time for the corporate death penalty. If "corporations are people", then they can get the death penalty.
Yank their charter. And, if possible, blacklist their CxOs.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Sorry, but all your base are belong to us. -Equifax
our entire economic system was rigged against the working class. Good thing that would never happen.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Site designed to help capitalists to abuse workers is abused by non-capitalists. I feel profound indifference.
If corporations are people, give that bastard the electric chair.
Table-ized A.I.
Politics is already eroding slashdot's credibility, stop making it worse, that's what the editors are for.
On the Oregon Cost born and raised, On the beach is where I spent most of my days
If you weren't making enough at your previous job to meet your expectations, then why did you stay at it long enough that it would even be an issue? If you were making good money for what you were doing, and are applying for a similar role, it's fair to mention, when answering a question about your previous salary, that you'd expect to be making about the same amount. If the job entails more responsibilities, then it's fair to instead say you'd expect to be making somewhat more than what you were making before because of that.
It's my experience, however, that most people who are reluctant to share their previous salaries either don't have enough self confidence to believe they are worth as much as what they believe the job they are applying for should reasonably pay (which tells the employer they could probably underpay them anyways), or else they have unrealistic ideas about what their skills are actually even worth, which means they wouldn't be satisfied with a reasonable offer anyways so the company is probably better off hiring someone else.
File under 'M' for 'Manic ranting'
"With your consent your personal data can be retrieved only by credentialed verifiers"
However, without your consent, we'll share it with anyone that offers us money. And we never seek your consent.
Or when you started off with a low salary, and employers thought it was up to them to keep your salary "reasonable" for the sake of you blowing all that extra cash.
None of those sections refute anything in the article.
The first section describes what different requestors might want, not what they are limited to getting.
The second section describes how the requestors' access may be authorized, not whether an unauthorized requestor is limited in any way.
Note that Krebs actually obtained the information you claim cannot be obtained in this manner.
...you are golden? Good to know!!
Time is what keeps everything from happening all at once.
It's not like their info isn't already compromised. Between Equifax and all the other leaks, particularly the Office of Personnel Management fiasco, everyone who gets a government paycheck can easily have their identity stolen. It's a dead certainty that both the Russians and the Chinese can impersonate anyone in the government online almost instantly. It's a security nightmare that has been covered up. Showing how completely screwed all our security is would be a public service. It would force government and business to behave responsibly for a change.
The really ballsy move would be to apply for credit cards for all of Congress and then go to Amazon and buy a sex toy packing, one for their office and one for their home. It would be suicidal at the level of Kim Dotcom or Assange, but it would be funny. You could have a great laugh in Gitmo when the FBI is tasering your eyeballs.
Why is Snark Required?
Sweden makes tax returns public with no apparent ill effect. The US already makes real estate values, ownership, and taxes public, and we should do the same thing for income tax returns.
So if that data finds its way into a political data mining company, would there be an investigation into the handing over of private data and a prosecution or would it simply be ignored?
The whole vote suppression thing is a hot potato. Suspicious tactics have been used on both sides for a long time; for instance, until his first primaries, Obama consistently got elected by forcing opponents off the ballot on technicalities. Meanwhile, we can all remember those negative votes for Gore in Florida.
Nobody will open that can of worms.
lucm, indeed.
Politics is already eroding slashdot's credibility, stop making it worse, that's what the editors are for.
Finally somebody is asking some insightful questions, and you complain about politics? Sounds very much like 'LALA I don't want to hear it'.
This only gives a person's work history? ..... Again, why is this a big deal?
The point is that this results in an uneven playing field when negotiating salary. The company knows what you are earning and can make an offer close to that. You do not know what the company is prepared to pay (eg: average of those doing a similar job at the company). The potential employee is thus at a negotiating disadvantage.
Knowing the average industry salary for the job that you are seeking does not give equal negotiating power. If you are currently being paid less than the average you could find yourself in a place that is hard to get out of.
This only gives a person's work history? Far less of an issue than getting a loan in another person's name. Unless someone can show me a hack that makes use of this information that's worse than getting a credit line... Many places are also making a switch to transparent salaries anyway. Again, why is this a big deal?
Many places? Please, feel free to elaborate with a list of the 0.001% of companies doing this.
No, because the best targets of kidnapping or theft are those who are so rich they don't need to draw a salary.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Depends on the nature of the job, if your skills are in demand and you're relatively content in your existing position then it lets companies know they have to offer a significant premium in order to tempt you away.
I get headhunters contact me all the time offering *LESS* than I'm currently on, to do the same job under less convenient/flexible conditions.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Years ago in order to get a job, I took a pretty low starting salary.
I moved to another job after a couple of years because that company treated us like shit.
Anyway, upon looking for another job, I find out that I was being paid about a third less than my peers.
When I told my real salary to the recruiter and that I wanted to be paid the same as my peers - same experience and skills - I was told that I was being unreasonable to expect an employer to give me that much of a raise. She found me something and the employer offered me a $5,000 increase - but I'd still be paid WAAYYYY less than my peers. I rejected it and the recruiter seeing her commission evaporate became a real bitch. (recruiters work for the EMPLOYER NOT FOR YOU! If you think they are your friend, you are naive.)
I ignored her calls and found another recruiter (they grow on trees) and lied about my current pay at the time. Can't do that anymore.
Seriously? They charge market prices for their products. We are not allowed to do the same?
And this shit of kids who get out of college in bad times will be paid less for the rest of their lives? Just because they were unlucky enough to get out of school during a recession?
This system is fucked and rigged against us.
I think you've omitted a scenario that would cover a heck of a lot of people:
an employee outgrows their current position and applies for a job that *should* pay much, much better.
Of course, a prospective employer would love to know the applicant's previous pay so that can offer a minimal pay rise as enticement.
Just imagine the reverse:
within every job ad companies having to include the maximum they're willing to pay for each position.
And what does that have to do with being reluctant to disclose their previous salary? As I said, if the job they are applying for has more responsibilities, it's fair to mention that almost immediately in the context of discussing your previous salary. Also, what you are saying is strongly indicative of lacking the confidence in one's own abilities and skills to realize they may actually be worth what they expect the position they are applying for could actually pay.
File under 'M' for 'Manic ranting'
I didn't know that, did some googling, interesting.
And it is my experience that employers who ask for previous salaries during the hiring process are looking to use that information against applicants and are probably crappy places to work. I'll share my previous salary history with a potential employer just as soon as the employer is willing to tell me the exact range they have available for the open position and the salaries of everyone else on the team by job title.
I do not have a signature
I'm curious then, how many people are giving their potential employers their SSN and DOB before actually having the job?
Typical SlashDot nerd response. "I'm so smart and good at what I do that I don't care about things that might be threatening to the rest of you mere mortals. No skin off my ass".
This story was about a company lying about how well they protect the data they gather - and then giving much of it away to anyone who asks. That should be alarming to anybody - even you self-identified tech gods.
Posted from my Android phone. Oh, I can change this? There, that's better...
It's not about lacking confidence in one's abilities and skills. It's about negotiating leverage and wasting time. If I am expecting a big bump from what looks like a promotion to me, giving the potential employer the information about my current salary is just giving them a reason to low-ball me and now I have to go through this whole ordeal of negotiating and convincing them that I deserve more. That is a waste of time.
Not that they ever will, but if the employer simply disclosed the range up front, they could save all of us a lot of time-- a lot more time than if I tell all my potential employers what I make now or have made in the past. This is because I have a minimum I require to even consider a job change lateral, let alone a promotion worth taking the risk and effort of applying. If I know up-front that they can't afford me, then I can just skip them, rather than going through a whole song and dance just to find out they are offering short money. And if I know that the job pays a good deal more than I currently make, then I have the incentive I need to understand what they are looking for, make sure I am a fit, and spend the time necessary to convince them of it.
My current salary is totally irrelevant except as a minimum and me giving it out first is backwards. This is like playing poker against a table of people who hold their cards close, but my cards are face-up on the table. Not good odds. Furthermore, if everyone applying for the job is disclosing salary to the employer, they can use that to help them pick the lower paid of two seemingly equal candidates, rather than taking the time to discern which person might truly be the best fit on other measures.
I do not have a signature
When asked how much I made in a previous job, my answer always was: That is irrelevant. What I am interested in is if we can get to an agreement on the job I am going to do here.
Those that would find that an issue would not be companies I wanted to work for anyway.
I sometimes also said no when the offer was not what I wanted. And once I asked for much more details as the pay would have been so high, it would be unrealistic. Asked them if it was per month as it was more like I would be looking for per year. They said yes. I said no.
Don't fight for your country, if your country does not fight for you.
The thing is, the "political parties" are private organizations. They are under no obligation at all to respect the voters' choices. I believe they could have just appointed their selected candidate without ever going to a vote. The purpose of the primary system isn't to select the candidate, it's to drum up support for the candidate. It is *presumed* that they'll want the candidate that can get the most support, but there have been several instances in both parties that show this presumption to be false.
I think we've pushed this "anyone can grow up to be president" thing too far.
Your position appears to be heavily derived from an innate distrust of an employer to treat their employees or would-be employees fairly. If you expect them to want to underpay you, then why do you think they suddenly wouldn't just because you didn't tell them how much you made at your last job?
File under 'M' for 'Manic ranting'
It's against the law in NYC for prospective employers to ask for, or require, candidate compensation history. The motivation is that women and minorities are often underpaid and when leaving their salary-biased job for a new one, often this bias carries forward with them if they have to report their past salary, which makes the problem of eliminating wage gaps due to gender or race difficult when the new employer can say "hey, I'm not racist, I just paid him what he was making before.. if his last employer was racist, not my problem!". This will mean interviews will be more in-depth and employers are expected to properly assess your skills and value to the company. Employers will still be allowed to do background checks, so if you got fired for watching porn on your office pc, or for incompetence, then new employers will know about it and can decide not to hire you.
Generally, most people who are "fired" aren't really fired. We use words like "fired" and "laid off" but those are not legal terms. The only legal documents a company can file to terminate your position are "involuntary termination with cause" (you were fired), "involuntary termination without cause" (you were laid off), and "voluntary termination" (you quit). In 99% of the cases where your manager "fires" you, the paperwork they file with the government is "involuntary termination without cause" (you were laid off). People think "laid off" is when 100s are let go and "fired" is when a manager singles you out for removal. That is just a misconception and in the U.S. nearly all involuntary terminations are "without cause". This is because "with cause" is very RISKY for the employer. You can sue them if you disagree with the cause of your termination, seek damages, and reinstatement. You have NO recourse if you are terminated "without cause". It's similar to "at-fault" divorce and "no-fault" divorce. Even in cases where a spouse cheats on another, they generally file the paperwork of "no-fault" divorce, because "at-fault" requires you to PROVE they were at fault and is a huge hurdle to pass. If you sucked at your job and were fired, 99% odds are that it was a "without cause" involuntary termination, despite your manager yelling "you're FIRED!" in front of the entire kitchen staff. If you stole money from the company, committed fraud, or sexually harassed colleagues, odds are you were fired "with cause" and additionally criminal charges may be filed. No company with any half-competent lawyer on retainer will ever file a "with cause" termination for an employee being mediocre or bottom performing.
Your recourse is to collect employment insurance benefits that you would otherwise not be able to collect at all.
File under 'M' for 'Manic ranting'
I had one lady tell me that 20k more than I was making was asking too much. So I said "well I like my job let me know what you can do bye"
It felt great when she called me back the next week and said "well it turns out they're willing to pay that" .. I said something like "but of course.. sorry I have a meeting in a minute bye"
That's a lot of supposition you are making.. IF they are thinking.... then they MIGHT.... they *PROBABLY*....
While it's true that your previous salary is going to reflect a baseline for whatever the employer that asks about it is going to offer, it's as unfair for you to assume that they are necessarily thinking of paying you unfairly for the work that you will be expected to do as for the employer to assume that you would be willing to accept a wage below what is considered fair. If 45K/year is fair, even if the employer *MIGHT* have paid 50k to somebody else, then what's so bad about getting 45K instead of 50k?
Or are you saying that you expect that an employer should have to pay you *MORE* than what you should legitimately be entitled to for your work?
File under 'M' for 'Manic ranting'
OK. Let's assume they want to pay me fairly. How does knowing my salary history help them do that?
I do not have a signature
It doesn't... but it doesn't hurt either... I'm not saying you should volunteer the information without being asked, but if they ask, there's no harm in giving that info out as long as they are paying fairly. Sure your previous salary is going to serve as a kind of baseline for whatever the employer is ultimately going to offer, but that doesn't mean the employer is going to want to try and rip you off or take advantage of you.
If you are being paid fairly for the work you are doing, what difference should it make that an employer might have paid you more if they hadn't known how much you made in the past? While I get having more money is nice, it's selfish to expect that an employer should have to pay more than what doing a job is reasonably worth... and if the job *IS* reasonably worth $10k more than what you were making, then if they only offer $5k more, you are in a position to make a reasonable counteroffer. If they aren't going to match that based on what the job duties are reasonably worth, then you wouldn't have been paid fairly by them anyways, even if the subject of your previous salary hadn't ever been brought up.
File under 'M' for 'Manic ranting'
Being someone who said she was clearly not real infosec material it's satisfying to see more and more complete data come out that confirms my intuition. It's not the music degree.. it's the whole package.
Those were shitty low energy dried out turds of companies during the years she worked there. Equifax's CEO described the company as a culture of tenure and mediocrity, so with a history like that sidestepping into a CISO role where she could cyber-this and cyber that until a better C-level position opened up was a natural fit for her.
Too bad for her the inevitable shit hit the fan while she was in the hotseat, stories are coming out that everyone knew it would happen eventually. She was exactly as competent as they needed her to be.
Actually if I were a criminal looking for a place to rob or someone to ransom, I would look at estate value more than salaries. And we already pretty much know the value of housing based on public databases.
That's just as big of a failure. A good fall guy is at least convincing and allows you to claim that you were taking matters seriously. If your fall guy is obviously unqualified, all of the responsibility gets shifted back to you for choosing somebody that is clearly not fit for the role.
They failed at having good operational security and at picking effective fall guys/gals.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Then telling them that an offer that they make which might be only slightly more than your previous salary and less than what you were hoping for shouldn't be a problem for you, should it?
File under 'M' for 'Manic ranting'
Certainly Australia. No way salary let alone detailed credit history can be accumulated by a private company and sold.
Mind you, we became a bit more like the US recently (2014) with watering down of these laws with no good reason and far too little debate.
True, even the GOP tried to bend rules and kill the Trump nomination.
Now we have President Trump (which is hilarious) but at least Clinton is not in a position to use the Army, FBI, CIA and NSA as her personal servants, so we dodged the worst bullet.
Still, it would be nice to have serious candidates in the presidential race once in a while. For instance, a Romney/Sanders race would have been a great opportunity to discuss core issues instead of talking about grabbing pussies or about secretary of states who sent top secret emails over plain smtp using the Exchange server installed in her pantry.
lucm, indeed.
Been there, done that. At one company, I agreed on a percent increase over my initial salary (definitely too low) given a promise that my salary would be re-evaluated the next year instead of a percentage applied. I had to remind them of the promise the next year. Least pleasant salary negotiations I've ever been involved in.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You're assuming an awful lot of rationality there. If I'm worth* $100K, but my previous salary history makes it look like $90K would be a significant raise, I'm likely to have to fight my way up to where I should be. Instead of starting with $100K and talking about other things, we're talking about salary right up front.
*Worth is a fuzzy concept here. Just go with me.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Which means they're basing their initial offer on your earlier salary, which means if you were underpaid in your last job they'll offer you less than if you were paid fairly.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Voting history is public where I live. It's possible to get copies of the signature logs, so people will know whether you voted in a particular election. No records are kept of how you voted. I don't see how people knowing that I voted or not is going to cause any problems.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The point is to know *why* you are worth a certain amount... and if you are offered anything below that, you can objectively present your case on that, and the salary negotiation lasts exactly one exchange. If they do not match it, then they can find somebody else, thank them for taking the time to interview you and move on to the next job interview. You don't have to make it sound like an ultimatum either... as I said, if you are objectively worth $X, you should be able to present that point factually and clearly to a prospective employer. If they won't pay you that amount on some claimed idea that it represents too much of a raise for you, then you know that the employer didn't really believe your objective evaluation on why you were worth that amount in the first place, because if they had, they would have agreed to pay it. And if they didn't believe it, then they wouldn't have wanted to pay it even if your previous salary had been high enough that it wouldn't have represented a big raise, and if you actually did get the higher offer, you'd be that much more likely to be the first person on the chopping block to go as soon as any hard times come along because your salary is more than what they really want to pay.
File under 'M' for 'Manic ranting'
I know it's difficult to understand for a lot of Slashdot users who live in comfortable $4,000 apartments and walk 30 feet to work or don't even go into work some days because they just don't FEEL like going into work that day but... for most people, the amount they're going to get is not a NEGOTIATION. The employer has a set amount that they've decided they're going to pay you based on your experience and what they have read on your resume, and you either take it or you don't get the job. You don't get to say "well I feel like I should get paid this and this and this because I did this and that" because if you do the employer goes "oh gee what a shame, guess we'll have to hire one of these other 400 people in this massive stack of resumes who have exactly the same experience and skills as you." Most of the time they won't even follow up with you if you make a higher offer for pay, they'll just end the conversation quickly and move on to the next candidate.