Millions of Americans are worried that their credit information and Social Security numbers may have been among the 143 million records breached in an unprecedented hack that attacked Equifax, the credit reporting company. But there’s more to the story. While Equifax and the Social Security Administration aren’t talking about it, Equifax was also hired a year ago, on a $10 million contract, to “help the SSA manage risk and mitigate fraud for the mySocialSecurity system, a personalized portal for customers to access some of SSA’s services such as the online statement.”
That’s how the company put it in a press release on Feb. 10, 2016. In that announcement, Equifax also boasted that the Social Security Administration “has completed integration with Equifax Inc.”
Despite Equifax’s self-described intimate role in providing security and preventing fraud on the Social Security System’s public access website for current workers and beneficiaries, there has been no indication that the Social Security Administration is concerned about whether weaknesses in Equifax’s own customer portal security — such as the Apache tool on which the company is blaming the breach — might have been involved in its security work for the mySocialSecurity portal.
For the rest of this article by TCBH! member DAVE LINDORFF, please go to Salon.com