Alfred Ng reports:
Multiple government agencies are relying on a security measure that can be easily bypassed thanks to massive breaches like the Equifax hack, the US Government Accountability Office has found. In a report released Friday, the government watchdog group found that the US Postal Service, the Department of Veterans Affairs, the Social Security Administration and the Centers for Medicare and Medicaid Services have still been using “Knowledge-Based Verification” to make sure people who apply for benefits online are authentic.
This verification method asked applicants questions like their date of birth, Social Security numbers and addresses, assuming that only the applicant would have that information. But in Equifax’s breach in 2017, that information had been stolen from 145.5 million Americans, rounding out to more than half the US population.
Read more on CNET.