I found this article on new hacker targets a bit disturbing. This is mainly about the computer-controlled physical plant, but I am more worried about their customer databases. It rang true for me as I was signing up for some new Comcast service and was required to give my WHOLE Social Security number to them. I have no way of knowing what they do with it. They say it is for a credit check, which I believe, but it is also in their systems for good since I occasionally have to give all or part of it to them. After the infamous Sony breach I don’t really trust large-scale corporate security. It might be easier for hackers to target utilities and others to get my Social Security number AND my credit card in one fell swoop, along with 80 million other customers. Then what is supposed to happen? It would be nothing that I did or a failing on my part, but my credit and identity would be completely laid bare.
I was not given a viable alternative for the credit check either. Why doesn’t a valid credit card work for them? They can just cancel the service as soon as I don’t pay, no money lost. I also can’t imagine they really deny people cable service if they fail their credit check. It really shows the need for some sort of other identifier that can validate you.
In poking around, I find it uncomfortable that so many companies ask for your Social Security number and make things much more difficult if you don’t give it to them. I understand a bank or job, since all of that ties into your taxes and retirement benefits. Why does a phone, cable, or other service company require it? That we have gotten so lax about it worries me also. I have a few friends whose identities have been compromised, and it takes years of work to correct it and you have to fight it the whole time!
If I were hacking, I would be all over these types of services, especially the smaller ones who are less likely to have reliable security systems. They are expensive and very complex to maintain. They require constant maintenance and, outside of the major metro areas, that expertise is not often there.
It does push the need for some sort of reliable identifier that can be tracked, monitored and validated. Short of being physically present, these will be difficult to achieve. Requiring me to pay to check on my own profile is a scam; I should not have to pay to monitor some company’s bad security. This should be a free service that is subsidized by the companies themselves. In fact, they often have to provide free credit and identity monitoring after these breaches, which probably costs them even more money. Yes, they will pass it on in the bill I get from them, but it is more likely to get done that way than getting me to cough up another $15 a month for personal monitoring.
Privacy experts might be trying to do something about it, but it will take only one high-profile attack to get DHS onto it. I will guess, though, that there would still be nothing done about it. It is back in the court of Equifax and the others to deal with it. The last thing they want to do is expose the actual amount of fraud there is out there. The same goes for the credit card companies: “use our service, everything is always fine,” until it’s not. You can’t live in a reasonable manner without these services, yet I believe they will not do anything about it to make your life easier or more secure.