Security firm says Equifax made it far too easy to access salary and job data

One of the more notorious data breaches in 2017 was the Equifax hack that exposed the private information of roughly 145 million Americans. The Equifax breach is particularly troublesome because of the company’s status as a central clearinghouse for some of the most sensitive information that’s stored online. Now, it appears that the company’s lax security extends beyond basic security and may have made salary and employment information far too easy to access.

The news comes via KrebsonSecurity, which broke the story on October 8, 2017. Apparently, Equifax TALX, a service that automatically verifies income and employment history when someone applies for a loan, has used authentication procedures that are far too easy to bypass. Simply put, the data is within reach of anyone who holds information, such as social security numbers and dates of birth, that has become readily available for many people thanks to past data breaches.

The TALX system should only be accessible by credentialed companies such as banks and employers. As KrebsonSecurity discovered, however, many accounts can be accessed merely by entering an employer name and a complete or partial social security number. Then, the PIN that’s requested is in a majority of cases just a date of birth in easily guessed formats. Once validated, some very juicy information is available, including salary and employment history that dates back a decade or more.

Even the system’s advance authentication can be bypassed if the TALX customer failed to fully populate all the relevant information, and in many cases, detailed instructions on how to complete the authentication forms are available online. That makes it far too easy for nefarious parties to guess at how to successfully authenticate and gain access to the system.
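The weakness described above is that the PIN is often nothing more than data an outsider may already hold. As an added illustration (not code from KrebsonSecurity, Equifax, or TALX), here is a PIN enrollment check that refuses PINs derived from the account holder's date of birth or social security number; the function names, the list of date layouts, and the minimum length are assumptions made for this sketch.

```python
from datetime import date

MIN_PIN_DIGITS = 6  # assumed policy floor, not a TALX setting


def dob_derived_pins(dob: date) -> set[str]:
    """Digit strings that are just the date of birth in a common layout."""
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y4 = f"{dob.year:04d}"
    y2 = y4[2:]
    layouts = [
        (m, d, y4), (d, m, y4), (y4, m, d),   # full dates
        (m, d, y2), (d, m, y2), (y2, m, d),   # two-digit year
        (m, d), (d, m), (m, y4), (y4,),       # partial dates
    ]
    return {"".join(parts) for parts in layouts}


def pin_rejection_reason(pin, dob, ssn, default_pin=None):
    """Return why a proposed PIN must be refused, or None if it is acceptable."""
    # Strip separators so "01/02/1980" is compared as "01021980".
    digits = "".join(ch for ch in pin if ch.isdigit())
    ssn_digits = "".join(ch for ch in ssn if ch.isdigit())
    if default_pin is not None and pin == default_pin:
        return "unchanged default PIN"
    if digits in dob_derived_pins(dob):
        return "derived from date of birth"
    # Any run of 4+ digits lifted from the SSN (last four, full number, ...).
    if len(digits) >= 4 and digits in ssn_digits:
        return "derived from social security number"
    if len(digits) < MIN_PIN_DIGITS:
        return "too short"
    return None


# Constructed sample record (not real data).
SAMPLE_DOB = date(1980, 1, 2)
SAMPLE_SSN = "000-12-3456"

if __name__ == "__main__":
    for candidate in ["01021980", "1980-01-02", "0102", "3456", "739164"]:
        print(candidate, "->", pin_rejection_reason(candidate, SAMPLE_DOB, SAMPLE_SSN))
```

A check like this belongs at enrollment and at every PIN change, so that an account can never be protected solely by values exposed in earlier breaches.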

If you’re concerned about your information being made accessible to unauthorized parties, then KrebsonSecurity provides a way to help safeguard your data:

“Fortunately, you can reduce the likelihood that an acquaintance, co-worker, stalker or anyone else can do this by claiming your own account, changing the PIN, and selecting a half-dozen security questions and answers. As always, it’s best not to answer these questions truthfully, but to input answers that only you will know and that can’t be found using social networking sites or other public data sources.”

As KrebsonSecurity notes in an update, Equifax has taken the TALX portal down for scheduled maintenance. It’s unknown whether that’s purely coincidental or if it’s in response to the story that was published yesterday. In addition, some commenters on the original story indicated that additional steps are being added that should help, although the data is still too easily accessible for anyone who’s willing to do the necessary research.

