Healthcare.gov ‘may already have been compromised,’ security expert says

[Reba]

Uh, oh. This is scary. Healthcare.gov is chock full of personal data, starting with Social Security Numbers.

We in South Carolina went thru a similar breech of security a couple years ago, and we're still vulnerable. I can't imagine the whole country of citizens being compromised this way.

All SC taxpayers had their SSN's compromised. As a result, the state has been paying for our identity tracking services for last year and this year. It's an awful situation.

How are Americans going to have their identities protected from the hacking of Healthcare.gov?

. . . “Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC before a House Science, Space, and Technology committee hearing on security concerns surrounding the problematic Healthcare.gov website.

“And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon…."

The rest of the story at:

Healthcare.gov

 

[kokonut]

A hacker's wet dream. It is totally irresponsible to release a website without going through rigorous online security testing first of this magnitude involving all of the citizens in the U.S.

 

[diehardbiker]

The idea of SSN was never meant for creditors/private sector to use it other than government purpose, this violation was long overdue! If had creditors never use SSN, but other way of identify, something like this won't have to happen.

 

[kokonut]

Actually, people were required to submit sensitive info prior to being allowed to comparison shop once you got in....most couldnt get in.

 

[diehardbiker]

Point is, if SSN were never used by creditors, will we have ID thieves problems though heathcare.gov? I don't think so. It is next to impossible to change SSN. In fact, if creditors would set up their own ID system and could change anytime, we won't have this kind of mess. But because creditor find it very convenient using SSN because they KNEW they can't be change that easy and cost them NOTHING, and creditors actually exploit government resources in order to save their money, but in reality it is costing them and everybody else dearly.

 

[SneakerNet]

You know there's ongoing problem with any sites that store SSN, like banking institutions, colleges, healthcare, tax and so forth. SSA should add another security layer, not only SSN alone but should add secure ID (SID) like the credit card, and when thief try to use the SSN, it will ask for SID, if it does not match, SSN will become useless.

SSA should work on improving the security of the SSN, it shouldn't put burden on the companies that hold all the SSN. You know every hackers always find a way to get in and steal the personal accounts.

 

[Foxrac]

A hacker's wet dream. It is totally irresponsible to release a website without going through rigorous online security testing first of this magnitude involving all of the citizens in the U.S.

Playstation Network (PSN) went through the rigorous online security testing but hackers successfully hacked this system and compromised over millions of accounts.

 

[Beowulf]

Hmmm. Sounds like the prez hired Kevin Federline to operate the system with a computer from Radio Shack hooked to a car battery. Business malpratice?

 

[diehardbiker]

Exactly what I have been trying to say over years, all I get is slap at my face as their excuse for being costly. It is gonna cost even more if we don't do a damn thing about it.

SSA should never involve this in the first place, it is the creditor that SHOULD be involved and set up themselves. What business do government have to do with financial matters that banks deals on daily basis? It is banks after all not government.

You know there's ongoing problem with any sites that store SSN, like banking institutions, colleges, healthcare, tax and so forth. SSA should add another security layer, not only SSN alone but should add secure ID (SID) like the credit card, and when thief try to use the SSN, it will ask for SID, if it does not match, SSN will become useless.

SSA should work on improving the security of the SSN, it shouldn't put burden on the companies that hold all the SSN. You know every hackers always find a way to get in and steal the personal accounts.

 

[whatdidyousay!]

A hacker's wet dream. It is totally irresponsible to release a website without going through rigorous online security testing first of this magnitude involving all of the citizens in the U.S.

Yeah I just heard that on news tonight that is like a candy store for hackers . I heard Michelle Obama friend was given the job of running the health care web site . A friend of mine said that the computer the woman is using is 10 years old. Has anyone heard this? The Obamacare was DOA and should be DNR.

 

[MangaReader]

This is ridiculous. I've gotten 2 or 3 letters from companies telling me that their security was compromised and my personal information may have been stolen. They give me a free year of credit report check to monitor it. One was recent from Nationwide Company.

I've had identity theft on my personal info few years ago. Someone tried opening bank accounts, purchase some goods online and tried to get into my credit card account. They apparently knew I was deaf because one credit card company said that someone posed as me using relay service!!!

I think identity theft is more rampant nowadays with the internet than years ago. The internet makes it easy to steal identities.

 

[The Highlander]

You know there's ongoing problem with any sites that store SSN, like banking institutions, colleges, healthcare, tax and so forth. SSA should add another security layer, not only SSN alone but should add secure ID (SID) like the credit card, and when thief try to use the SSN, it will ask for SID, if it does not match, SSN will become useless.

SSA should work on improving the security of the SSN, it shouldn't put burden on the companies that hold all the SSN. You know every hackers always find a way to get in and steal the personal accounts.

Nice idea about SID. How to apply the SID?

SSN will become useless? That's mean change the new SSN if thief have old SSN?

 

[diehardbiker]

No, SSN will always be there and used for government purpose and is permanent ID for everybody, what we mean is add layer of security, For instance a Joe's SSN would be 333-22-4444 and that number will never change and add second layer of security by put maybe 4-6 alpha-numberic after the SSN, and can be changed though bank (Security reason obviously) and Joe would have like this 333-22-4444-09meh then he would apply on credit application as 333-22-444 09meh, that way credit bureau would have to verify the last 5 number. ID thieves will not take chance of trying to apply without knowing the current second layer code because they can change anytime. Suppose Joe discovered somebody had stolen his ID, he can call bank, and bank would lock the security layer and have Joe come back in to verify ID and get new second layer security code like 333-22-4444-LAATU. The crook who got his previous ID will not be able to try on Joe again It is NOT that hard to add, and I think it is the best security we could have and it could stop thieves hard, cold and fast.

Nice idea about SID. How to apply the SID?

SSN will become useless? That's mean change the new SSN if thief have old SSN?

 

[kokonut]

No, SSN will always be there and used for government purpose and is permanent ID for everybody, what we mean is add layer of security, For instance a Joe's SSN would be 333-22-4444 and that number will never change and add second layer of security by put maybe 4-6 alpha-numberic after the SSN, and can be changed though bank (Security reason obviously) and Joe would have like this 333-22-4444-09meh then he would apply on credit application as 333-22-444 09meh, that way credit bureau would have to verify the last 5 number. ID thieves will not take chance of trying to apply without knowing the current second layer code because they can change anytime. Suppose Joe discovered somebody had stolen his ID, he can call bank, and bank would lock the security layer and have Joe come back in to verify ID and get new second layer security code like 333-22-4444-LAATU. The crook who got his previous ID will not be able to try on Joe again It is NOT that hard to add, and I think it is the best security we could have and it could stop thieves hard, cold and fast.

That's false. It's not completely permanent. You can get a new SS# if you are a victim of identity theft after you have exhausted all possibilities on rectifying the problem. Even if you get a new SS# there's a caveat. Read page 7.

http://www.socialsecurity.gov/pubs/EN-05-10064.pdf

 

[Mewtilation]

There will always be hackers, and always someone able to out-smart someone else's ideas and security measures. Some people have no friggin life....

 

[diehardbiker]

False? Your funny! You see, it takes forever to change SSN and it is pretty much like permanent on most cases, that is where ID thieves took advantage of, where secondary layer of security CAN be changed anytime, thus ID thieves will not be able to get around. Because SSN stays there for government use, where credit bureau sees SSN as permanent ID with code where credit bureau can assign every time customers needs or want to. You see, Government does NOT want to be responsible and have no business in private banking industry, thus bank industry is the ONE that needs to fix this problem.

The concept is pure and simple, the SSN is like a locker of personal financial matters, but without padlock on it, giving anyone easy access to the locker, where second layer security would be like padlock and can be issued and re-issued if damaged by credit bureau.

That's false. It's not completely permanent. You can get a new SS# if you are a victim of identity theft after you have exhausted all possibilities on rectifying the problem. Even if you get a new SS# there's a caveat. Read page 7.

http://www.socialsecurity.gov/pubs/EN-05-10064.pdf

 

[kokonut]

False? Your funny! You see, it takes forever to change SSN and it is pretty much like permanent on most cases, that is where ID thieves took advantage of, where secondary layer of security CAN be changed anytime, thus ID thieves will not be able to get around. Because SSN stays there for government use, where credit bureau sees SSN as permanent ID with code where credit bureau can assign every time customers needs or want to. You see, Government does NOT want to be responsible and have no business in private banking industry, thus bank industry is the ONE that needs to fix this problem.

The concept is pure and simple, the SSN is like a locker of personal financial matters, but without padlock on it, giving anyone easy access to the locker, where second layer security would be like padlock and can be issued and re-issued if damaged by credit bureau.

You did say that a person's SS# is permanent and cannot be changed, However, under certain circumstances SS# can be changed per the document I provided in the link.
.

 

[diehardbiker]

Sure, but do you realize that changing SSN would solve the problem? No, why? Because not everyone can update somebody SSN, too many loose ends down there in government system. For instance, if you change SSN, your state DMV may not update, your property taxes may not update with new SSN and could cause problems, and so on. Another issue for banks when one change SSN, they may chase debtor over debt, not realizing new SSN has been issued, banks won't like this any more than you don't. It is not good idea to change SSN.

Ask you, why we are locked to just 9 digit ID number? Is it really impossible to add another digit in anyone's ID? Really? What if 9 digit SSN got full like telephone number, will it go meltdown? I don't think so, I don't think it is that hard to have Credit bureau add at least 4 digit next to SSN and can be changed ONLY though banks where one prove their ID in order to get new SSN and can be done in just 5 minutes. Also, why banks re-issue you new card every say, 2, 3, or 4 years? IF they can issue you a new credit card#, why can't additional 4 digit security number be added?

OR are you afraid that it would be harder to remember new, additional number on top of your SSN, EH?

You did say that a person's SS# is permanent and cannot be changed, However, under certain circumstances SS# can be changed per the document I provided in the link.
.

 

[kokonut]

Sure, but do you realize that changing SSN would solve the problem? No, why? Because not everyone can update somebody SSN, too many loose ends down there in government system. For instance, if you change SSN, your state DMV may not update, your property taxes may not update with new SSN and could cause problems, and so on. Another issue for banks when one change SSN, they may chase debtor over debt, not realizing new SSN has been issued, banks won't like this any more than you don't. It is not good idea to change SSN.

Ask you, why we are locked to just 9 digit ID number? Is it really impossible to add another digit in anyone's ID? Really? What if 9 digit SSN got full like telephone number, will it go meltdown? I don't think so, I don't think it is that hard to have Credit bureau add at least 4 digit next to SSN and can be changed ONLY though banks where one prove their ID in order to get new SSN and can be done in just 5 minutes. Also, why banks re-issue you new card every say, 2, 3, or 4 years? IF they can issue you a new credit card#, why can't additional 4 digit security number be added?

OR are you afraid that it would be harder to remember new, additional number on top of your SSN, EH?

Um, I've already said this: "You can get a new SS# if you are a victim of identity theft after you have exhausted all possibilities on rectifying the problem. Even if you get a new SS# there's a caveat. Read page 7."

 

[Jiro]

Sure, but do you realize that changing SSN would solve the problem? No, why? Because not everyone can update somebody SSN, too many loose ends down there in government system. For instance, if you change SSN, your state DMV may not update, your property taxes may not update with new SSN and could cause problems, and so on. Another issue for banks when one change SSN, they may chase debtor over debt, not realizing new SSN has been issued, banks won't like this any more than you don't. It is not good idea to change SSN.

Ask you, why we are locked to just 9 digit ID number? Is it really impossible to add another digit in anyone's ID? Really? What if 9 digit SSN got full like telephone number, will it go meltdown? I don't think so, I don't think it is that hard to have Credit bureau add at least 4 digit next to SSN and can be changed ONLY though banks where one prove their ID in order to get new SSN and can be done in just 5 minutes. Also, why banks re-issue you new card every say, 2, 3, or 4 years? IF they can issue you a new credit card#, why can't additional 4 digit security number be added?

OR are you afraid that it would be harder to remember new, additional number on top of your SSN, EH?

eh we'll worry about it when the American population is approaching to 1 billion milestones.

http://www.howstuffworks.com/question719.htm

According to the SSA, the numbers are not recycled. Upon an individual's death, the number is removed from the active files and is not reused. Recycling numbers might become an issue someday, but not any time soon -- statisticians say that the nine-digit SSN allows for approximately one billion possible combinations!