It seems like the data brokers did most of the dirty work of collecting, storing and giving away the data to anyone who asked nicely. This guy managed to get access to all that sensitive data by just a single instance of social engineering. The data brokers' executives should be rotting in jail alongside him on much longer sentences.
The data brokers have accumulated towering piles of toxic data, creating a situation where spillage — and the resulting terrible harm to the innocent — becomes statistically inevitable.
I've noticed that if I am very careful, people will often skip authentication steps and even just ignore them if they're lazy.
In my opinion we need to value these positions more. Higher salaries for these positions and more prerequisite education should be required. I don't think it'll happen without regulation though.
And that's the problem. Experian has insufficient incentive to keep this data safely stored away. Experian acts as if the data belongs to Experian, allowing them to sell it under a TOS, but when criminals get a hold of it, no harm comes to Experian — it's not a physical asset they can lose ownership of entirely. Instead, all the harm crashes down on the individuals whose identities are swimming in that data.
This really, really pisses me off about society today. Never once has my identity been compromised by my actions; in the 4 times it happened, it was due to credit card companies and credit agencies. I have zero control over how they protect my data.
But their ad campaigns would have me believe that I have to take control of my data to protect myself. How? I don't even know what you have about me, where it's stored, how it's stored, how it's accessed, why it's accessed, and how to lock it. How could the individual possibly be on the hook for this nonsense? Why is this allowed?
One solution would be to have PII, especially sensitive PII, be owned by the person it identifies. Of course, this would cause lots of problems for businesses like credit reporting agencies.