![]() ![]() ![]() Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering KBA questions about those employees. Weaver came in a story from May 2017 which looked at how identity thieves were able to steal financial and personal data for over a year from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. “Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI). What’s more, many of the companies that provide and resell these types of KBA challenge/response questions have been hacked in the past by criminals that run their own identity theft services. As I have noted in countless stories published here previously, the problem with relying on KBA questions to authenticate consumers online is that so much of the information needed to successfully guess the answers to those multiple-choice questions is now indexed or exposed by search engines, social networks and third-party services online - both criminal and commercial. The final authorization check is that Experian asks you to answer four so-called “knowledge-based authentication” or KBA questions. I’m certain this warning would deter all but the bravest of identity thieves! The first hurdle for instantly revealing anyone’s freeze PIN is to provide the person’s name, address, date of birth and Social Security number (all data that has been jeopardized in breaches 100 times over - including in the recent Equifax breach - and that is broadly for sale in the cybercrime underground).Īfter that, one just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. Experian’s page for retrieving someone’s credit freeze PIN requires little more information than has already been leaked by big-three bureau Equifax and a myriad other breaches. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |