“This particular data breach will impact a utilized authentication stack that many organizations and federal agencies use to combat their own forms of fraud,” said Adam Meyer, chief security strategist of threat intelligence company SurfWatch Labs.
If criminals have all the information they need to pass identity verification checks, what good is this authentication system?
Security and fraud experts like Litan have been warning organizations to stop relying on static personal data for identity verification in favor of dynamic identity data for a while now. For example, Threatmetrix uses crowdsourcing and machine learning to establish the user’s identity based on the user’s dynamic behavior and attributes.
“Based on conversations with Gartner clients, including tax authorities, my estimate is that over half of Americans have already had their identities compromised before this latest hack, and their records are already resident in criminal databases,” Litan said.
While individuals should be worried about financial and phone service account takeovers, tax refund fraud, Social Security and other government-benefit fraud, Litan said there were other things to worry about, such as nuclear war or an attack against the power grid. “I fully understand that my stolen personal data is much more likely being used to further those goals, than it is to help some criminal get a new fake mortgage,” Litan added.
Sign up for CIO Asia eNewsletters.