I hate the tone of that letter, has the typical PR tone all over it.
Basically to sum it up: "Your Social Security Number, Name, Birthdate, Address, and everything else needed to steal your identity is at risk. But don't worry! Your credit card number is safe."
The whois[1] records for http://anthemfacts.com was registered in December. It took them months to create that PR report and prepare for damage control. They should have notified victims much earlier.
To give 'em the benefit of the doubt-- perhaps perhaps perhaps they needed that particular domain in anticipation of some other instance where they dropped the ball but your conclusion is more compelling.
So, today it was announced that they knew something was up as early as 12/10:
"The company also confirmed Friday that it found that unauthorized data queries with similar hallmarks started as early as Dec. 10 and continued sporadically until Jan. 27.
...
The hackers succeeded in penetrating the system and stealing customer data sometime after Dec. 10 and before Jan. 27, Binns said."
Who cares about credit card numbers when you are protected for free and your credit card can be reissued unlike your SSN. I can't believe than in 2015 there's no modern way to verify and protect your identity! There are still so many stupid system relying on your last 4 of your SSN or DoB as authentication!
In Sweden we have a personal number. It's unique to every person but its not secret at all. You use an official identity card or passport or the electronic variant to identify yourself. I'm guessing its some kind of privacy issue behind there not being a similar system in US? Because it works pretty well.
Just rename it Patriot ID and I'm sure people will come around :/
Seriously, if California is giving driver's licenses to whoever wants them (and who's 16 and can learn to drive), I don't see the harm sending out centrally verifiable identity cards. The costs of implementing such a system have gone way down over the years, but to be sure, bid out the job and finance it with surcharges on credit report checks, and any other transaction that involves verifying identity. There are surcharges everywhere else in the transaction. What probably concerns a lot of people is that they don't want the government to know every time they get a credit check. Not sure how you solve that, other than making this a GSE or legal monopoly.
Sweden's entire population is about the size of the Chicagoland area. Now imagine 320+ million people all living in different semi-autonomous states all with their own bureaucracies and hundreds of taxing authorities. Now imagine proposing a national ID card to these people. Yeah, its not that easy. The US isn't centralized like a lot of European nations. Governance of very critical things are done on the state level and that isn't going to change anytime soon.
>I'm guessing its some kind of privacy issue behind there not being a similar system in US?
The social security system, which is a federal program, produced a unique number for all citizens. The states quickly started using this number in their own bureaucracy and everyone else followed (banks, etc). Now its a defacto numeric identifier.
The big problem here is how easy it is to get credit in my name if you have my SSN, like its the root password to my finances. Credit is far too easy to get in the states from a paperwork perspective. I should not fear other people getting my SSN. Banks and other organizations need to realize that if someone presents my SSN, that doesn't mean its me. More numbers or psuedo-SSN's aren't the fix here. The fix is due diligence and better fraud protections.
Not to mention everyone already carries a unique identifier thats easy to verify - your fingerprint. I think SSN + fingerprint plus a letter sent to my home that needs to be signed should be the minimum to open any line of credit. SSN alone should be worthless.
Its also bothersome that PCI-DSS and other regulations treat credit cards like NSA secrets, which is fine as they should be encrypted, but there's no legislation or guidelines to make SSN's encrypted. SSN's sit as plain-text in every database in the US. That's kind of scary and probably invites hacks.
Not to mention everyone already carries a unique identifier thats easy to verify - your fingerprint.
Actually a surprising number of people don't. For either medical (dermatitis), work (manual laborer wearing them out, operation room personnel scrubbing them out...) or age related reasons.
Well, the US has States and that complicates things quite a bit for this type of thing. Most states will give you a driver's license number as an id (with the appropriate "ID Only" mark).
There is also the Real ID Act[1] that trying to establish federal id requirements. This is going to cause some problems and look for it in the news. It is a DHS enforced national ID law.
And yes, some of the folks in the US believe a national ID that is needed to buy, sell, or get a job would be a little too close to the Bible's mark of the beast. That gives quite a lot of friction to any national id.
some of the folks in the US believe a national ID that is needed to buy, sell, or get a job would be a little too close to the Bible's mark of the beast.
You're exaggerating a bit into a strawman.
I strongly oppose REAL ID (which, by the way, was around for a while before the DHS existed). And as a "tooth fairy agnostic" as Dawkins would say, I'm not the least bit concerned about the number of the beast.
What I am concerned about - and this goes the same for anyone else with whom I've discussed the issue - is, why is it the federal government's business at all when and how I "buy, sell, or get a job"? This seems like a tool for the federal government to get its grubby mitts into more stuff that's not within its enumerated powers.
Perhaps I should have separated that from the DHS stuff, but it is a belief of some folks (enough who vote to have made a long difference) and it goes to why we don't currently have a national id. It is part of the history in the US and the original poster is not from the US and wanted some reasons.
DHS is the agency currently charged with Real ID Act oversight. I'm not sure the who is important before the law is implemented.
A social security number (SSN) is the same idea. The difference is that not every citizen has one.
The problem with this number is that, similar to Sweden, it can be used as an identity number and as a password. This is a terrible thing to do. In your small country of homogenous socially protected people, you may not have a widespread problem of theft. In the US, however, there is an entire industry of stealing these numbers in order to take out new lines of credit, buy items at stores, and then not pay them off.
Basically to sum it up: "Your Social Security Number, Name, Birthdate, Address, and everything else needed to steal your identity is at risk. But don't worry! Your credit card number is safe."