The Government Accountability Office is warning Union agencies including the U.S. Postal Service , the Social Security Administration , Veterans Affairs , and the Centers for Medicare and Medicaid Services in areport this weekthat they should stop relying on deferred payment authority to swear identities after adevastating taxicab of Equifax in 2017that compromise the information of around 150 million Americans .
Those delegacy currently confirm whether an mortal is who they say they are by asking users to provide personal selective information and then cross - check it with reference filing cabinet provided by one of three major agencies : Equifax , Experian , and TransUnion . Per TechCrunch , the report remark that in 2017 , the National Institute of Standards and Technology ( NIST ) issued guidance that “ efficaciously prohibits agencies from using knowledge - based verification for sensible program program ” due to the hypothesis that malicious company could have access to the Equifax datum , or that even more such data could be compromised in the future tense .
Just two agency , the General Services Administration and the Internal Revenue Service , have complied by developing their own alternative methods , the report card says . The four said ones continue to rely at least in part on knowledge - based verification :
Photo: Mike Stewart (AP)
Two of the six agencies that GAO reviewed have eliminate noesis - based verification . Specifically , the General Services Administration ( GSA ) and the Internal Revenue Service ( IRS ) of late grow and began using substitute methods for remote identity operator proof for their Login.gov and Get Transcript services that do not rely on knowledge - ground verification . One agency — the Department of Veterans Affairs ( VA)—has implemented alternative method for part of its identity proofing process but still relies on knowledge - based check for some individuals . SSA and the United States Postal Service ( USPS ) intend to melt off or eliminate their use of goods and services of knowledge - based verification sometime in the future but do not yet have specific architectural plan for doing so . The Centers for Medicare and Medicaid Services ( CMS ) has no plans to thin out or eliminate cognition - base check for remote identity element proofing .
Alternative methods commend by the GAO include remote appraisal of physical credential — i.e. , an image of a driver ’s permission or other documents — and substantiation using cell speech sound toter records . While both of those methods do involve someone have access to a sound , TechCrunch noted that the credit agency system requires a cite history , and in 2016 the Consumer Financial Protection Bureau estimatedsome 26 million people(roughly one in ten adults ) miss such records on file with the three major quotation valuation company .
“ Several officials refer reason for not adopting alternative methods , including high-pitched costs and implementation challenge for sure segments of the populace , ” the GAO report concluded . “ … Until these office take measure to eliminate their use of noesis - ground confirmation , the mortal they serve will stay on at increase risk of infection of identity pretender . ”
Equifax , which could have prevented the breach bypatching server softwarebut did not and was later chasten by the House Oversight Committeefor sheer incompetence , has finally get to face some consequences . Last calendar month , Moody ’s downgraded the ship’s company from a“stable ” to a “ negative ” outlookin large part due to lawsuits , investigation , and mulct estimate to have cost the party $ 690 million in Q1 2019 alone , as well as future price that could add up to more than a billion by 2021 . In January 2019 , a Union judge in Atlantarefused to fox outtwo amalgamated course legal action against the company , meaning more payouts may be come .
[ TechCrunch ]
CybersecurityEquifaxHackersHackingPrivacyTechnology
Daily Newsletter
Get the effective technical school , science , and refinement news in your inbox day by day .
News from the future , delivered to your present tense .
You May Also Like
