Five months after Equifax hack

Nearly five months after an unprecedented security breach at the credit rating firm Equifax exposed Social Security numbers and other data, making some 147 million Americans vulnerable to potential identity theft and fraud attacks, the Social Security Administration continues to use an identity security system devised by Equifax for the MySocialSecurity online portal.

Equifax was awarded a no-bid $10 million contract back in early 2016, as the company boasted at the time, “to help the SSA manage risk and mitigate fraud for the mySocialSecurity system, a personalized portal for customers to access some of SSA’s services such as the online statement.”  

After learning from a Sept. 15 Salon investigation about the SSA’s continued use of Equifax’s identity-verification system, Sen. Sherrod Brown, D-Ohio, and Sen. Orrin Hatch, R-Utah, wrote to Social Security asking them to terminate the contract. They also have urged the federal government to end all contracts with Equifax, at least until it is determined how the giant credit firm managed to be vulnerable to such a colossal hack and why it waited several months to notify affected Americans whose credit data it collects and maintains.

The SSA’s continued use of its Equifax contractor’s compromised work contrasts with the decision made by the Internal Revenue Service. On Oct. 13, apparently at the urging of Brown and Hatch, the IRS “temporarily suspended” its $7.2-million security verification contract with Equifax for taxpayers using the agency’s online access.

Read more at Salon