It's also a little ridiculous that this information is still valuable from a fraud perspective. It's completely possible to run as SmartId/Card system (similar to the Estonian national id / e-residency).
So long as just knowing some of these details has value like getting fraudulent credit cards the problem will exist, and criminals will find ways of accessing the data.
Now granted, stuff like the home address is always going to be valuable, but less so if its not as useful for identity theft.
> It's completely possible to run as SmartId/Card system (similar to the Estonian national id / e-residency).
That’s not necessarily a good example of doing it well. Unless something changed since I last looked, after the Estonian certs were all found vulnerable, allowing impersonation and forged signatures on official government documents, the government refused to reissue new certs to citizens.
In other words, they were effectively in the same place as Texas.
I don't think that is accurate. The rollout took time but ultimately disabled certificates that weren't updated. It also didn't lead to major attacks as weak keys still needed to each be exploited.
Sending 3rd parties perfect copies of private data of your citizens to run a credit scheme is a different place.
So long as just knowing some of these details has value like getting fraudulent credit cards the problem will exist, and criminals will find ways of accessing the data.
Now granted, stuff like the home address is always going to be valuable, but less so if its not as useful for identity theft.