loader gif

Equifax breach impacted the online ID verification process at many US govt agencies

Equifax breach impacted the online ID verification process at many US govt agencies (Incident Response, Learnings)

The 2017 Equifax security breach has thrown a wrench in the process used by US government agencies to verify the identity of US citizens applying for various benefits via its online portals. This process, called online identity verification or remote identity proofing, relied on data provided by credit reporting agencies (CRAs) like Equifax, as a proof of the applicant's identity. In 2017, the National Institute of Standards and Technology (NIST) reacted to this hack by issuing guidance to government agencies, with recommendations on replacing the CRA-based online identity proofing with other solutions like sending an SMS to a user's phone, or having the user send/upload a scan of a physical ID to the government agency, as a proof of identity. But a report from the US Government Accountability Office (GAO), a bi-partisan government agency that provides auditing, evaluation, and investigative services for Congress, has found that only two of six of the government agencies they tested had followed the NIST guidance.

loader gif