Everyone has heard about the Equifax security breach that had compromised an unknown number of Americans. but not everyone has heard about another of Equifax’s services: The Work Number
The Work Number is a service that provides an individual’s detailed salary and employment history. It was designed to provide automated employment and income verification to employers. It can also provide proof of income should someone be applying for a loan.
With such a large database of private information and the above image the first thing you see when going to: www.theworknumber.com/Employees you would expect a large number of security protocols defending it. Initially, yes, but after the recent Equifax breach, maybe not so much.
To access he information requires one to input their employer’s code, which would be easy to look up if the Equifax system wasn’t down for maintenance. Then it asks for a “User ID” which in most cases it your SSN or a portion of it. Finally it asks for your “PIN” which is defaulted to be some variation of your Date of Birth (mm/dd/yyyy or yyyy/mm/dd). After gaining access is does require you to change the PIN and set up half a dozen security questions for verification. Then it allows you to access any of your income or employer history on its database.
The troubling thing about this is that in the Equifax security breach some of the major pieces of information stolen was DOB and SSN, allowing someone to access your information as long as they could learn who your current employer is, in order to get the employer code. After they gain access to the Work Number, a potential hacker can change your PIN and set up security questions and lock you out of the whole system.