Skip to main content

Security firm says Equifax made it far too easy to access salary and job data

One of the more notorious data breaches in 2017 was the Equifax hack that exposed the private information of roughly 145 million Americans. The Equifax breach is particularly troublesome because of the company’s status as a central clearinghouse for some of the most sensitive information that’s stored online. Now, it appears that the company’s lax security extends beyond basic security and may have made salary and employment information far too easy to access.

The news comes via KrebsonSecurity, which broke the story on October 8, 2017. Apparently, Equifax TALX, a service that is used for automatic verification of income and employment history data that’s used when someone applies for a loan, has utilized authentication procedures that are far too easy to bypass. Simply put, accessing the data is far too easy for anyone with access to information — such as social security numbers and dates of birth — that has been readily available for many people thanks to past data breaches.

Recommended Videos

The TALX system should only be accessible by credentialed companies such as banks and employers. As KrebsonSecurity discovered, however, many accounts can be accessed merely by entering an employer name and a complete or partial social security number. Then, the PIN that’s requested is in a majority of cases just a date of birth in easily guessed formats. Once validated, some very juicy information is available, including salary and employment history that dates back a decade or more.

Even the system’s advance authentication can be bypassed if the TALX customer failed to fully populate all the relevant information, and in many cases, detailed instructions on how to complete the authentication forms is available online. That makes it far too easy for nefarious parties to guess at how to successfully authenticate and gain access to the system.

If you’re concerned about your information being made accessible to unauthorized parties, then KrebsonSecurity provides a way to help safeguard your data:

“Fortunately, you can reduce the likelihood that an acquaintance, co-worker, stalker or anyone else can do this by claiming your own account, changing the PIN, and selecting a half-dozen security questions and answers. As always, it’s best not to answer these questions truthfully, but to input answers that only you will know and that can’t be found using social networking sites or other public data sources.”

As KrebsonSecurity notes in an update, Equifax has taken the TALX portal down for scheduled maintenance. It’s unknown whether that’s purely coincidental or if it’s in response to the story that was published yesterday. In addition, some commenters on the original story indicated that additional steps are being added that should help, although the data is still too easily accessible for anyone who’s willing to do the necessary research.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Early Prime Day deal: Samsung’s 27-inch Odyssey G3 at its annual low price
Samsung Odyssey G3 gaming monitor on desk with keyboard and headset.

If you're ready to upgrade your monitor, this Samsung deal over at Amazon just might be your best bet. The 27-inch version of Samsung's Odyssey G3 is $130 right now, a full $100 off its regular $230 price and its lowest price of the year. It's a part of early Prime Day deals and a good sampling of what we can expect for the shopping holiday, which officially lands on July 8th. Tap the button below to see it for yourself or keep reading to see why we like this deal and why this should be your next monitor.

Buy Now

Read more
An elegant Mac app has turned my basic tasks into a whole lot of fun
Who knew switching between apps could be so much easier and elegant?
Employing the Dory app switcher on a MacBook Air

The concept of an app switcher tool is rather odd. After all, why would you need a tool for jumping between apps, when the Command+Tab shortcut works just fine and the three-finger swipe opens the Mission Control on the Mac? Well, there are solutions that work better. 

Second, when you bring the mouse and keyboard combo into the picture, the fluid convenience of the trackpad gesture flies out the window. Over the years, the developer community has produced some real app switcher gems. 

Read more
Upgrade to the Alienware 18 Area-51 gaming laptop with RTX 5070 Ti — $500 off!
The Alienware 18 Area-51 Gaming Laptop on a white background.

You should be ready to spend a lot if you want a powerful gaming laptop, but you should also be on the lookout for potential savings. Now's a great time to check out Alienware deals because of Dell's Black Friday in July sale, which includes a fantastic offer for the Alienware 18 Area-51 gaming laptop. This configuration with the Nvidia GeForce RTX 5070 Ti graphics card is down from $3,300 to $2,800, which is still expensive, but you wouldn't want to miss this chance at $500 in savings. You have to hurry though, as stocks may run out at any moment!

Buy Now

Read more