[Infowarrior] - more on ... 15m T-Mobile customers affected in Eperian data breach,

[Richard Forno]

> On Oct 1, 2015, at 11:51 PM, matthew wrote:
> 
>> take our customer and prospective customer privacy VERY seriously
> ...
>> The data stolen included names, dates of birth, addresses and Social Security numbers
> 
> AFAIK T-mobile and the entire credit bureau industry are violating FEDERAL law by even having the SSN let alone pressuring people to disclose it. Not that one can't wreak plenty of havoc with the other data elements but if 300 million Americans would just say "I refuse to provide my SSN to any entity that is not the SSA or IRS (possibly Dept of Health which administers Medicaid)" we'd make some progress.
> 
> I got something for the USG Information Security Czar of the day - publish an Exective Order that every agency that isn't the 2 (maybe 3) above is required within 30 days to delete every SSN in every database they have. And direct the DoJ to sue every health provider, insurance company, and credit bureau for violations of law. Gov't thuggery can be useful at times, turn them loose on these clowns.
> 
> And furthermore amend IRS regulations (I don't think it's a Congressional law) that all banks and financial institutions will likewise strike all SSN records (system-wide, or at the very least delete all but last 4) from their accounting systems and tax-reporting mechanisms. Between name and address and last 4 the IRS can figure it out.
> 
> Tax preparers likewise are prohibited from having the whole value if any at all. If e-file, they upload the file to the IRS sans SSN, and give the user a record identifier which the user must then use the IRS 'portal' to fill in their SSN and hit submit.
>