Submitted by GunHead416 t3_10gzn2e in Washington
PNW_Explorer_16 t1_j55no5q wrote
You too, huh?
What exactly is going to come of this?
RManDelorean t1_j55oqtu wrote
Nothing, it's fine. They asked nicely so I'm sure they deleted it. /s But hopefully it was just an innocent mistake, lol. I can see some hacker out there like "..wait, we could've just asked??"
PNW_Explorer_16 t1_j562u4z wrote
Right! “Hey. You broke a federal law”. “Hacker”: oh. Whoops here you guys go. Sorry about that. I’ll just ask next time. Wanna go grab a coffee?
blaaguuu t1_j55z79q wrote
While this is a pretty shitty situation - I feel like you have to give out your last 4 to so many institutions, and there is no way to validate that any of them have decent security practices, so I generally assume that the 'last 4' might as well be treated as public info, already...
JustARandomBloke t1_j560r41 wrote
The problem being if you know the last four and their birthday and where they were born you can recreate their full SSN.
flipfreakingheck t1_j571ea7 wrote
Wait, really?
JustARandomBloke t1_j572k5u wrote
The first 3 numbers are tied to specific geographic areas. The middle two are based on when you were born. The last 4 are a unique number.
adamr_ t1_j573mze wrote
This used to be true, and so still is for all eligible voters, but since 2011 SSNs have been generated randomly.
WhiteWashTXP t1_j583xh2 wrote
I wonder why I have a NY SSN when I was born in WA, I'm 23 lol.
[deleted] t1_j57hvfb wrote
[deleted]
Bigbluebananas t1_j5744ep wrote
So theoretically you can get their social by finding their place of birth and date- after you get the special 4 digits?
JustARandomBloke t1_j574hpl wrote
Yes, though another poster said this is only true for those born before 2011.
Bigbluebananas t1_j576zmg wrote
Man... that's friggin bonkers to me
renownbrewer t1_j58eafh wrote
You used to be able to guess Wa. driver's license numbers with key information and there was even an embedded checksum.
script372 t1_j587ejx wrote
Not necessarily where they were born but where they applied… and it wasn’t until 1987 that people were assigned an SS # at birth.
GunHead416 OP t1_j55of51 wrote
Hopefully nothing, but I'm kinda shocked this was all it took for the government to fuck up.
Shocked....well, not that shocked.
Ben_A t1_j55v065 wrote
Worked at Domino's as a delivery driver. For some reason my manager sent my full name, address, social security number, and license number to someone I delivered to. I do not know why. He’s just dumb.
rosesandpiglets t1_j569719 wrote
I’m usually not a very litigious person, but you might want to talk to a lawyer. Breaking federal law and saying “oh whoops” “we fixed it and totally trust this dude” doesn’t cut it IMO. They need to provide legal documentation that they did what they said at the bare minimum.
[deleted] t1_j58otp7 wrote
[deleted]
PNW_Explorer_16 t1_j56svm9 wrote
Agreed. Were you part of it as well? Sounds like a lot were, and I don’t mind getting the ball rolling.
rosesandpiglets t1_j56viua wrote
I was not fortunately. I hope the victims take action though, this is completely unacceptable and I don’t trust the “cooperation” of a third party one bit
SoftwarePatient5050 t1_j57epdh wrote
Which federal law was broken?
[deleted] t1_j57gbsy wrote
[deleted]
SoftwarePatient5050 t1_j581tae wrote
That does not appear to apply here:
>Binds only federal agencies and covers only records under the control of federal agencies (and, by contract, also applies to contractor personnel and systems used by a federal agency to maintain the records).
rosesandpiglets t1_j57ihm7 wrote
SoftwarePatient5050 t1_j580j9v wrote
Did you just find a random law to cite or something? What in the world do you think antitrust laws have to do with election information?
SirDouglasMouf t1_j576jeq wrote
I'm guessing you don't know about how god awful WA state unemployment fraud was/is/has become. The amount of identity fraud in this state is bonkers.
PNW_Explorer_16 t1_j562m94 wrote
Right. On one hand it’s shocking, on the other, the ineptitude isn’t a surprise at all.
I know we can do better, it just takes that initiative, which I don’t have much faith in.
SoftwarePatient5050 t1_j57fd2b wrote
What should come of this?
PNW_Explorer_16 t1_j57i82j wrote
Based on your username, I get the sense you understand PII and possibly GDPR rules. So you know at a corporate level how serious these things can get.
As with anything, there are loopholes, which I understand. However, a “whoops, trust our guy it was handled in two hours” is negligent.
What I’d like to see is a security audit within Pierce County (digital and physical): how records are stored, kept, shared, etc. Next, an audit on personnel security levels, and a chain of command for releasing records.
In the event of a breach, what’s the protocol, and how does the county plan to mitigate risk, while protecting its people. A “oh it’s totally cool” piece of mail isn’t on par with standards of where we should be.
Next, what entity requested our data? If it was a company, they should be listed, and we should have communication options to address directly with them. If this was a personal (non entity) request, that person should have a representative from Pierce County tagged so we can understand the intent on which this person requested our data.
Lastly, comes the monetary side. While no one may be victim to identity theft, which may lead to erroneous monetary charges, there should be a plan in place to address this should it occur. Pierce had an obligation to help its citizens. Listing the three credit agencies doesn’t suffice.
Lastly, let’s say that someone, or a group, is targeted (harassment, violence, etc). This again falls into malicious intent, but dives into more murky waters.
I don’t have the answers. This is just what comes to mind. I’m not a “let’s sue and get everything we can” kinda person. I’m more of a “hey, let’s be a leading example for privacy of our citizens' data, and also a leader in mitigating risk to its citizens” kinda guy.