Hacker News
Data breach leaks SSNs of over 230k Comcast customers (theverge.com)
19 points by mfiguiere 44 days ago | 11 comments



WTF. Why should Comcast need their customers' SSNs?


I ask this question every time I start any service. Seems like nobody is willing to do business without your SSN.

Like, I prepay for the month, what is the worst that happens if you receive a fake name and you cannot verify the customer identity?


As a non-American, social security numbers are a bit of a mystery.

Unique identity in a healthcare setting is critical, but SSNs aren’t used this way are they? From the wiki, it seems they were set up for social security tracking alone.

Having one number for everything makes sense, as I have a healthcare unique identifier, a driver’s licence number, an IRD number and probably others. However SSNs aren’t used for all these uses are they?

https://en.m.wikipedia.org/wiki/Social_Security_number


A lot of weirdness in the US happens because we were the first to do something, or the first country where a practice became widespread. Certainly after you get to the point as a nation where there needs to be some kind of "national ID," you might create one from whole cloth, but for decades the US had no need of such a thing because there was no way for two businesses in two different states to communicate except by mail, fax, or telephone. And we also have that weird fundamentalist Christian lobby that believes any "national ID card" or number is the "mark of the beast" from Revelations and staunchly refuses such a thing.


The only nationwide unique ID people are assigned is a Social Security number. They are absolutely not designed for unique tracking. In practice that’s exactly how they’re used, in healthcare and everywhere else. It’s maddening.


It is also ostensibly a secret. Many businesses absolve themselves of any real fraud prevention and will take a SSN as proof of identity.


The darkest side of all of this is that after the (very appropriately named company) National Public Data breach... a largeeee portion of US SSNs are now open source, so (1) what's to stop someone from using "a" SSN with Comcast versus "their" SSN, (2) any SSN leak is a leak on a leak, can't kill what's already dead


We've known SSNs are broken as a secret for a long time. At this point, the fix would be for the government to publish everyone's SSN on some immovable deadline so that SSN becomes worthless information. There would be a lot of other work, of course, to support this future where everyone's SSN is public information, but the pressure would be there to discontinue its use as a secret.


We should try a $200 fine for every leaked SSN.


Yeah, it's basically "every breach extends my free year of identity monitoring" but the exploited companies are not experiencing any meaningful repercussions or regulation beyond that extremely-token gesture.




