Hacker News new | past | comments | ask | show | jobs | submit login

I’m this case, if the breach data is true, customers need to buy new phones, get new SSN, (and possibly change name) to have any sense of safety in the future. I wouldn’t use a compromised IMEI phone for 2FA anymore but most people would and it is not clear if the potential losses from the selling of this information have any real limit.



>customers need to buy new phones

>and possibly change name

>I wouldn’t use a compromised IMEI phone for 2FA

Why?

>get new SSN

That might be prudent to do, but at worse it's a few hours of hassle. I searched around and it looks like all you have to do is fill in a form (https://www.ssa.gov/forms/ss-5.pdf) and supply the required documents. At US median wages it's a few hundred dollars, max.

>the potential losses from the selling of this information have any real limit.

Well not really? Suppose someone crashed into your house, making a hole in the wall that allows thieves to steal potentially unlimited amounts of goods from your house. Should the driver be liable for all thefts from your house in perpetuity? Or only between the time of the crash and when you can reasonably get the wall fixed (or in the case of identity theft, changed your SSN)?


That form does not indicate that it's used to change a SSN.

Even if you do get a new SSN I wonder what the process is for changing it with the credit bureaus.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: