Equifax lost all your data. All gone.
-
@unperverted-vixen said in Equifax lost all your data. All gone.:
Treat them as the primary keys that they were meant to be.
Nope!
Tons of people (US citizens even) have NO SSN. Some people have an SSN shared with another person. (Generally these people are not legit, like undocumented immigrants buying an SSN from a coyote, but there are cases where it could be-- remember the system was created when this business was done by mail, there was no central database checking uniqueness.) When an old SSN belongs to someone who dies, the Government reserves the right to re-issue it to someone else.
SSN is a terrible primary key.
-
@blakeyrat I was thinking solely within the context of the SSA, but you're right, they do reserve the right to reissue it, so even there that's bad phrasing.
-
Great. Now we need a monitoring service to monitor the credit monitoring services
-
-
Right on cue:
-
@unperverted-vixen said in Equifax lost all your data. All gone.:
@the_quiet_one said in Equifax lost all your data. All gone.:
Can we just have a way for us to reset our SSNs? At this rate, we might as well just start from a clean slate and then enact a mandatory 20 year sentence for people who store SSNs in plain text on a flash drive that they hide under a brick in their patio for safekeeping.
Or better yet: don't treat SSNs as the secret passwords they're incorrectly used as. Treat them as the primary keys that they were meant to be.
SSNs aren't unique.
They're a fucking 9 digit fixed length number in a country with a 9 digit population. They get recycled.
-
@xaade said in Equifax lost all your data. All gone.:
No. What we should do is enforce credit bureaus to report to the individual all data they've collected on them.
Meaning, personal credit monitoring is free.We do.
-
@unperverted-vixen said in Equifax lost all your data. All gone.:
Or better yet: don't treat SSNs as the secret passwords they're incorrectly used as. Treat them as the primary keys that they were meant to be.
Surrogate primary keys now. Surrogate primary keys tomorrow. Surrogate primary keys forever!
Hrm...that feels kind of dirty, but it's good advice.
-
@slapout1 said in Equifax lost all your data. All gone.:
Great. Now we need a monitoring service to monitor the credit monitoring services
Nah. Just get better authentication. Equifax has you covered.
-
@polygeekery said in Equifax lost all your data. All gone.:
Nah. Just get better authentication. Equifax has you covered.
-
Incidentally, back in July, Equifax literally could not find me.
I noticed this happen because I use a service that pulls my Equifax score every month and suddenly I went from 11tybyears of history and an 830 to "Who are you?"
Pulled my annual credit reports. The other two agencies were all fine and kosher (aside from TransUnion making their usual mistake of believing my brother to be an alias of mine). Equifax insisted I did not exist and had never existed.
1 week later, it fixed itself.
Vaguely wondering if "stolen data" doesn't mean "literally stolen".
-
Don't fucking enroll in that TrustedID Premier shit, or you'll waive your right to sue Equifax. Behold the Terms of Use (LOL PHP file):
ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
-
@lolwhat Scroll past that and see the bit about opting out of arbitration.
-
@heterodox said in Equifax lost all your data. All gone.:
Well, given the first three just designate where you were born (generally)
When will the embed-information-in-keys brain worms die?
Filed under: I'm also looking at you, Vehicle Identification Numbers.
-
@groaner said in Equifax lost all your data. All gone.:
When will the embed-information-in-keys brain worms die?
SSN was invented before you could make a quick API call to a central server to obtain a unique GUID. It had to be assigned to people living in shacks miles away from any towns without running water, electricity, or phone service. I'm sure similar problems were faced by those creating the VIN system.
People who created it weren't stupid, and calling it a "brain worm" is very disingenuous when you probably wouldn't have come up with anything better in their situation.
-
@boomzilla said in Equifax lost all your data. All gone.:
@unperverted-vixen said in Equifax lost all your data. All gone.:
Or better yet: don't treat SSNs as the secret passwords they're incorrectly used as. Treat them as the primary keys that they were meant to be.
Surrogate primary keys now. Surrogate primary keys tomorrow. Surrogate primary keys forever!
Hrm...that feels kind of dirty, but it's good advice.
Our customer likes to create six-digit event codes for which the first digit is
year % 10
, and the next three digits are the day of year. I've mentioned to management that this might be a problem after about, oh, ten years, and got back lukewarm agreement in response. I get the feeling that our customer isn't going to like seeing decade-old data blend in with their current data, even if the scheme was their idea.
-
@heterodox said in Equifax lost all your data. All gone.:
Just looked at the Equifax site; it asks for the last six of your SSN. Well, given the first three just designate where you were born (generally), that's hardly better than asking for the full SSN. Ugh.
Three?
I've heard it was five, and that they are the ZIP code of either the place where you were born, but mine doesn't match that, not even close.
Where do you get this 3-digit code from? The only thing that immediately comes to mind is an area code, and a quick Google search says my first 3 aren't a valid US area code.
-
@blakeyrat said in Equifax lost all your data. All gone.:
@groaner said in Equifax lost all your data. All gone.:
When will the embed-information-in-keys brain worms die?
SSN was invented before you could make a quick API call to a central server to obtain a unique GUID. It had to be assigned to people living in shacks miles away from any towns without running water, electricity, or phone service. I'm sure similar problems were faced by those creating the VIN system.
People who created it weren't stupid, and calling it a "brain worm" is very disingenuous when you probably wouldn't have come up with anything better in their situation.
The great thing about GUIDs (and the overall purpose of them, pretty much) is that you shouldn't need a central server to generate them.
The first few characters of the VIN I can accept (i.e. North America, GM/Ford/Chrysler, etc.). But then you have characters which designate which engine options a car has, and it becomes embedding information about the key within the key. And I've been repeatedly told this is a Bad Thing™ by relational theory curmudgeons like Fabian Pascal and Joe Celko, so it must be true!
-
@groaner said in Equifax lost all your data. All gone.:
I've mentioned to management that this might be a problem after about, oh, ten years, and got back lukewarm agreement in response.
Yeah, my customer has a similar issue and response. Now, these are basically all manually created (though with some automation) so it wouldn't actually be difficult to at least add in a decades digit (I'm not optimistic enough about my chances to care about the Y2.2K problem).
They aren't really keys per se, though (we have actual surrogate PKs, of course), just names of things, which have to be unique.
-
@masonwheeler said in Equifax lost all your data. All gone.:
I've heard it was five, and that they are the ZIP code of either the place where you were born, but mine doesn't match that, not even close.
SSNs are older than ZIP codes.
-
@weng said in Equifax lost all your data. All gone.:
@lolwhat Scroll past that and see the bit about opting out of arbitration.
I think that given the circumstances, a judge faced with reviewing such a contract clause would gleefully strike it.
-
@groaner You'd hope so, but have you seen some of the judges in the USA?
-
@groaner said in Equifax lost all your data. All gone.:
The great thing about GUIDs (and the overall purpose of them, pretty much) is that you shouldn't need a central server to generate them.
Ok but that doesn't mean the guy driving out to the farm family in Oklahoma without power, water, or phone service is going to be able to generate a unique GUID in his Model A.
I think you missed my point entirely.
And I don't think you understand how much a third-world country the US still was in 1935. Sure, World War I gave us a boost, but the dustbowl/Great Depression pretty much erased all of those gains.
-
@lolwhat said in Equifax lost all your data. All gone.:
Don't fucking enroll in that TrustedID Premier shit, or you'll waive your right to sue Equifax. Behold the Terms of Use (LOL PHP file):
ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
Incorrect. As per the FAQs:
Do the TrustedID Terms of Use limit my options related to the cyber security incident?
The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.
And I shit you not:
-
@masonwheeler said in Equifax lost all your data. All gone.:
I've heard it was five, and that they are the ZIP code of either the place where you were born, but mine doesn't match that, not even close.
Yeah, that's completely incorrect. Turns out as of 2011, SSNs are completely randomized. If you were born before then, your first three should match your birthplace in this list: https://www.ssa.gov/employer/stateweb.htm
Interesting edge case I found is if you were born on a military base, you got 577-579 for District of Columbia.
-
@heterodox said in Equifax lost all your data. All gone.:
Yeah, that's completely incorrect. Turns out as of 2011, SSNs are completely randomized. If you were born before then, your first three should match your birthplace in this list: https://www.ssa.gov/employer/stateweb.htm
Nope. It matches a place I used to live at one point, but not where I was born.
-
@masonwheeler said in Equifax lost all your data. All gone.:
Nope. It matches a place I used to live at one point, but not where I was born.
*shrug*
-
@masonwheeler said in Equifax lost all your data. All gone.:
Nope. It matches a place I used to live at one point, but not where I was born.
Maybe that's when your parents put you into the system?
-
@blakeyrat said in Equifax lost all your data. All gone.:
Ok but that doesn't mean the guy driving out to the farm family in Oklahoma without power, water, or phone service is going to be able to generate a unique GUID in his Model A.
Give him an entropy source, some scratch paper, and who knows what he could come up with?
And I don't think you understand how much a third-world country the US still was in 1935. Sure, World War I gave us a boost, but the dustbowl/Great Depression pretty much erased all of those gains.
I can appreciate that times were different, but maybe the system has outlived its usefulness and it's time for something new?
The US has been working on a national ID number for a notable subset of its population. This number is a pointer that doesn't contain any PII, so they've got the right idea. The only drawback is that it's only 10 digits, and the 10th digit is a check digit.
-
@boomzilla Hmm... that's possible, I suppose. Kinda thought that happened at birth though.
-
@masonwheeler said in Equifax lost all your data. All gone.:
@boomzilla Hmm... that's possible, I suppose. Kinda thought that happened at birth though.
Usually, but only because most hospitals have the forms and stuff so it's just easy to do it right there. Your parents still have to actually apply by filling out the forms and stuff.
-
@jazzyjosh said in Equifax lost all your data. All gone.:
@lolwhat said in Equifax lost all your data. All gone.:
Don't fucking enroll in that TrustedID Premier shit, or you'll waive your right to sue Equifax. Behold the Terms of Use (LOL PHP file):
ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
Incorrect. As per the FAQs:
Do the TrustedID Terms of Use limit my options related to the cyber security incident?
The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.
And I shit you not:
What? You're browsing on the company's connection? On one hand, I like that they proactively flagged that URL to protect their employees. On the other, I'd think it's awfully risky to be coming here. I wouldn't want some poor HR spook to have to read about Anita Sarkeesian's private life.
-
@blakeyrat said in Equifax lost all your data. All gone.:
@groaner said in Equifax lost all your data. All gone.:
The great thing about GUIDs (and the overall purpose of them, pretty much) is that you shouldn't need a central server to generate them.
Ok but that doesn't mean the guy driving out to the farm family in Oklahoma without power, water, or phone service is going to be able to generate a unique GUID in his Model A.
I think you missed my point entirely.
And I don't think you understand how much a third-world country the US still was in 1935. Sure, World War I gave us a boost, but the dustbowl/Great Depression pretty much erased all of those gains.
The concept of first-world, second-world and third-world did not exist yet in 1935.
-
@polygeekery said in Equifax lost all your data. All gone.:
The concept of first-world, second-world and third-world did not exist yet in 1935.
Didn't it come out of the Cold War?
-
@blakeyrat said in Equifax lost all your data. All gone.:
Tons of people (US citizens even) have NO SSN. Some people have an SSN shared with another person. (Generally these people are not legit, like undocumented immigrants buying an SSN from a coyote, but there are cases where it could be-- remember the system was created when this business was done by mail, there was no central database checking uniqueness.) When an old SSN belongs to someone who dies, the Government reserves the right to re-issue it to someone else.
Now I'm curious about shared SSNs in the case that someone went missing, was declared dead, their number was reused, and then they turn up alive and well. Do both people just continue to use that SSN, or does one person or the other get a new one?
-
@masonwheeler said in Equifax lost all your data. All gone.:
@boomzilla Hmm... that's possible, I suppose. Kinda thought that happened at birth though.
It happens whenever they get filed for. I did not have a SSN until they were required for dependent tax deductions. The same year that 7million children silently vanished from the United States and no one spoke about it.
-
@polygeekery said in Equifax lost all your data. All gone.:
The concept of first-world, second-world and third-world did not exist yet in 1935.
Did the concept of pedantic dickweeds who post "uh, actually" posts when they knew FULL WELL what I meant exist in 1935? Was it legal to punch them? I hope so.
-
@blakeyrat said in Equifax lost all your data. All gone.:
Was it legal to punch them? I hope so.
Only if they are Nazis.
-
@masonwheeler said in Equifax lost all your data. All gone.:
@polygeekery said in Equifax lost all your data. All gone.:
The concept of first-world, second-world and third-world did not exist yet in 1935.
Didn't it come out of the Cold War?
Yep. First-world is capitalism, second-world is Communism, third-world is everything else.
-
@polygeekery said in Equifax lost all your data. All gone.:
@masonwheeler said in Equifax lost all your data. All gone.:
@polygeekery said in Equifax lost all your data. All gone.:
The concept of first-world, second-world and third-world did not exist yet in 1935.
Didn't it come out of the Cold War?
Yep. First-world is capitalism, second-world is Communism, third-world is everything else.
Are you sure? IIRC, the first time those terms appeared, first-world was Europe, second-world was the Americas, and third-world was Africa.
And Chrome wants me to change the first two
was
s towar
s
-
@raceprouk said in Equifax lost all your data. All gone.:
@polygeekery said in Equifax lost all your data. All gone.:
@masonwheeler said in Equifax lost all your data. All gone.:
@polygeekery said in Equifax lost all your data. All gone.:
The concept of first-world, second-world and third-world did not exist yet in 1935.
Didn't it come out of the Cold War?
Yep. First-world is capitalism, second-world is Communism, third-world is everything else.
Are you sure? IIRC, the first time those terms appeared, first-world was Europe, second-world was the Americas, and third-world was Africa.
And Chrome wants me to change the first two
was
s towar
sNope: turns out it's the thing @Polygeekery said.
-
@groaner said in Equifax lost all your data. All gone.:
I wouldn't want some poor HR spook to have to read about Anita Sarkeesian's private life.
Who?
-
@weng said in Equifax lost all your data. All gone.:
@lolwhat Scroll past that and see the bit about opting out of arbitration.
You're gonna have to quote the opt-out clause, because I don't see it. (It's been a long day at work, so I may not be parsing the legalese correctly.) Or do you mean the small-claims provision? Considering that identity theft can cost you quite a bit more than the typical small-claims limits, it is to laugh. Anywho, placing fraud alerts and credit freezes through the various CRAps rather than using TrustedID Premier Shiny-Shit avoids this potential pitfall entirely while still providing some protection.
And what the fuck did that last post of mine deserve a downvote for? :P
-
-
I would guess that this number constitutes the vast majority of anyone who has credit history at all. You might be thinking but quiet_one, you dipshit, it's only half the US population. Even if you accounted for minors that doesn't add up. Well, consider the fact that in the majority of these cases the reported number of those compromised magically increase as the investigation unfolds, I imagine the same kind of inflating numbers will occur here.
Were you affected? Check your wallet. Have a credit card? Then answer yes. Have student loans? Then answer yes. Had any obligation that slipped your mind and went to collections? Then you betcha you're on the list.
-
@lolwhat said in Equifax lost all your data. All gone.:
@weng said in Equifax lost all your data. All gone.:
@lolwhat Scroll past that and see the bit about opting out of arbitration.
You're gonna have to quote the opt-out clause, because I don't see it. (It's been a long day at work, so I may not be parsing the legalese correctly.) Or do you mean the small-claims provision? Considering that identity theft can cost you quite a bit more than the typical small-claims limits, it is to laugh. Anywho, placing fraud alerts and credit freezes through the various CRAps rather than using TrustedID Premier Shiny-Shit avoids this potential pitfall entirely while still providing some protection.
And what the fuck did that last post of mine deserve a downvote for? :P
Not gonna quote it on mobile because fuck that, but it amounts to "send us a letter saying so within 30 days and you opt out of the entire arbitration and small claims court". It's literally the next section
Also, they have since clarified in their own FAQ that that clause (indeed, the entire agreement) only relates to the credit monitoring service, not to the initial breach.
-
@the_quiet_one said in Equifax lost all your data. All gone.:
I would guess that this number constitutes the vast majority of anyone who has credit history at all. You might be thinking but quiet_one, you dipshit, it's only half the US population. Even if you accounted for minors that doesn't add up. Well, consider the fact that in the majority of these cases the reported number of those compromised magically increase as the investigation unfolds, I imagine the same kind of inflating numbers will occur here.
Were you affected? Check your wallet. Have a credit card? Then answer yes. Have student loans? Then answer yes. Had any obligation that slipped your mind and went to collections? Then you betcha you're on the list.
Plus the vast, creditless underclass.
-
@blakeyrat said in Equifax lost all your data. All gone.:
the US has no nation-wide ID number
FWIW, my ID number is 5670703057705.
-
@tsaukpaetra said in Equifax lost all your data. All gone.:
@blakeyrat said in Equifax lost all your data. All gone.:
the US has no nation-wide ID number
FWIW, my ID number is 5670703057705.
My ID number is 1. Ha!
-
@djls45 said in Equifax lost all your data. All gone.:
@blakeyrat said in Equifax lost all your data. All gone.:
Tons of people (US citizens even) have NO SSN. Some people have an SSN shared with another person. (Generally these people are not legit, like undocumented immigrants buying an SSN from a coyote, but there are cases where it could be-- remember the system was created when this business was done by mail, there was no central database checking uniqueness.) When an old SSN belongs to someone who dies, the Government reserves the right to re-issue it to someone else.
Now I'm curious about shared SSNs in the case that someone went missing, was declared dead, their number was reused, and then they turn up alive and well. Do both people just continue to use that SSN, or does one person or the other get a new one?
Yes to the first.