It wouldn’t prevent breaches, but having data brokers incorporate dummy identities in databases (“canaries”) might make it easier to figure out when a data broker’s database has been compromised and when their stolen information goes up for sale on the underground, Brian Krebs writes.
Getting Congress off the dime to do something about data brokers has not been easy, but maybe this will provide some additional motivation:
As an experiment, this author checked two of the most popular ID theft services in the underground for the availability of Social Security numbers, phone numbers, addresses and previous addresses on all members of the Senate Commerce Committee‘s Subcommittee on Consumer Protection, Product Safety and Insurance. That data is currently on sale for all thirteen Democrat and Republican lawmakers on the panel.
Between these two ID theft services, the same personal information was for sale on Edith Ramirez and Richard Cordray, the heads of the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB), respectively.
To date, and despite this site’s efforts to get Congress and the FTC to take action against Experian, data brokers have generally escaped serious accountability for data breaches that have put millions of Americans at risk of identity theft. And as Krebs notes, the brokers have resisted efforts that would lead to greater accountability.