Equifax Breach Proves Federal Action Necessary
Just a month before the announcement that an Equifax breach had exposed 143 million Americans’ personal data, the U.S. Government Accountability Office (GAO) warned agencies not to overuse the collection of one of the most common personal identifiers: Social Security numbers.
According to the GAO report, a decade’s worth of effort to reduce the use of Social Security numbers has had only limited success. Even though all 24 agencies covered by the Chief Financial Officers (CFO) Act have developed plans to reduce this use, they’ve been hampered in implementing these plans. Mandates and regulations often require the collection of these numbers, and the numbers are required for interactions with other federal agencies.
These 24 agencies currently use Social Security numbers for a variety of purposes, including:
- Benefits & Services (22 Agencies)
- Law Enforcement (17 Agencies)
- Statistical Purposes & Research (16 Agencies)
- Tax Purposes (13 Agencies)
- Other (12 Agencies)
Some federal agencies have already started replacing Social Security numbers, such as the Department of Defense, which has replaced them on its identity cards.
While a national identification number is an idea that is being discussed, the undertaking for the U.S. government would be massive.
However, according to our experts who talked with CNN, that number could get hacked as well.
“It doesn’t matter if it’s a new Social Security number or a new national identification system — whatever that identifier is, it’s still going to be the thing that attackers are going after,” said Russel Van Tuyl, managing consultant of security assessments at Sword & Shield Enterprise Security, the parent company of Sword & Shield Federal.
The CNN report also says that “biometric identifiers — such as fingerprints, iris scans, voice and facial recognition — are potential alternatives. The technology has become more mainstream in recent years: We regularly use our fingerprints to unlock our smartphones. Meanwhile, iris scans and facial recognition are also available on some phones, and many consumers talk to voice assistants like Alexa and Siri.”
Ultimately, it will fall on the Office of Management and Budget to set the standards, the GAO report concludes.
“GAO recommends that OMB require complete plans for ongoing reductions in the collection, use, and display of SSNs, require inventories of systems containing SSNs, provide criteria for determining ‘unnecessary’ use and display, ensure agencies update their progress in annual reports, and monitor agency progress based on clearly defined performance measures,” the report states.