Equifax Has Sold Private Data Including Salary Details of Millions of Employees To Other Companies

Equifax-owned company called Workforce Solutions, also known as The Work Number (TALX), sold salary data of its employees to debt specialists, financial service companies, and other organizations. Facebook Inc. is one of those companies buying such data despite the fact that the U.S. Federal Trade Commission put Facebook on privacy probation.

It is well known that social media such as Facebook now encourage their users to share their private data online. These sites’ entire policies are based on encouraging their customers to share their private lives as much as possible. The data shared (most of the time voluntary) is sent to several organizations and companies regardless of users’ consent. Despite the fact that social media users share their private lives online, salary is one of the sacred areas to most people, people who would not want to post publicly how much they earn. Facebook has been buying data from Equifax and also selling all the private data it collects from its users back to several companies including Equifax which had a breach to expose 143 million Americans’ private information.

Equifax Work Number database now contains over 296 million employment records and contains employees at all wage levels, from CEOs to interns. Considering how loose their security level is, apparent from breaches, it is not even a surprise there was unauthorized access to their employee tax records, lasting over a year, from April 2016 to May 2017. Cybersecurity expert Brian Krebs states that ‘crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees,’ to breach TALX’s databases, the Tax Form Management platform. He said due to this method of breaching, Equifax has no idea how many employees were affected from it. Krebs also reported that last September, a research team was able to access 14,000 consumer records after slipping into an online portal where Equifax employees in Argentina manage credit report disputes from consumers, as the password combination was set to an easy guess such as admin/admin.

Equifax-owned The Work Number has such a detailed database about salary data they put on sale that it shows week-by-week data for years, health care providers, types of health care coverage, files of unemployment claims and more. The data The Work Number owns and sells includes 12 million records.

Equifax can easily get and store such private and hidden information through thousands of U.S. businesses, including Fortune 500 companies, government agencies (who hold 85 percent of the entire country’s population), the Department of Defense and even schools. These sectors and people let Equifax tap directly into their data so that the credit bureau can have the latest job information and they even pay for Equifax to own their workers’ private information as they see it as a privilege. Once Equifax collects the private data, it sells the data to third parties such as debt agents, social media giants like Facebook Inc., and various companies giving financial services.

A good example could be given when we look at Facebook employees. A typical employee at Facebook may require verification of his employment through TALX when he applies for a loan, public aid, or a new job. If his new prospective employer is among the 70,000 approved entities in Equifax’s verifier network with a “permissible purpose”, that company can purchase his employment and income information for about $20. Prospective landlords can verify an applicant’s income through The Work Number, or human resources departments can examine an applicant’s background information much cheaper.

How the Work Number process works, according to a 2007 slide about Equifax’s $1.4 billion acquisition of TALX that year. Image: SEC

Of course, gathering data which was more than a fifth of the firm’s $3.1 billion revenue last year makes TALX one of the most profitable businesses of Equifax. Rick Smith, Equifax’s former CEO, said at an event at the University of Georgia in August. “That acquisition, by the way—I don’t know if I’m proud of this or not—but it’s worth about $9 billion today.”

Equifax already confirmed in an emailed statement to News as it shares ‘job data’ with debt collectors and others in agreement with Fair Credit Reporting Act guidelines.

Despite the fact that the Work Number database presents a continuous threat for both employees and consumers with their large database to private data and with little to no protection to it, the Work Number stated they will continue to supply such data for their customers, the sale of the data is included.

Such private data being shared by financial companies means your health status, credit history, financial status, debts, salary, your bank accounts and several other private details about your life are exposed to many organisations and companies. When, for instance, you fail to pay for your credit card debt or hospital bill, the companies can withdraw this amount from your bank account and you won’t even realize it unless you see a detailed account report.

At this point, there does not seem to be a real solution to this big scandal concerning the violation of private data since the Federal Trade Commission (FTC), which is supposed to take care of such issues, also sends its employees’ data to Equifax and it is an Equifax client as well. FTC regularly sends wage and work information about its attorneys and staff members to the Work Number database.

Trade specialists comment about one of the biggest scams of our century concerning the violation of company’s customer related data as a ‘secret CIA’ since it is being done legally and nobody does anything about to prevent it.





Facebook creates scary “shadow profiles” with information you never wanted to give

Everyone already knows Facebook is obsessed with collecting your private information. Data collection seems to be the primary business goal of this company these days. However, what most people do not know is that Facebook does not just collect and archive data taken from your profile. No, Facebook actually keeps huge databases of so called “shadow profiles”. These profiles contain information you never gave to them, infact we are pretty sure you would never allow them to have it.

For example, Facebook is a major customer of third-party data-brokers, who compile huge dossiers on people based on their spending, internet and phone usage, employment history and so on. In addition, Facebook encourages users to upload their entire address books to their system to “find your friends,” and while doing this, most Facebook users do not realize that they are leaking sensitive information, including nicknames, private numbers, and connections to the system.

Facebook mines this data to create their “shadow profiles” of its billions of users. And yes, these profiles are literally filled with data about you that you have never consciously provided to the system. It is data mined from third parties, including your friends, but also those spooky data-brokers we mentioned before. Facebook’s shadow profile system was first confirmed in 2013 when it accidentally leaked all of the users’ shadow profiles to them along with their own data. Something the company says it will never do again out of (ironic) respect for the privacy of the people who provided the data that goes into your shadow profile.

The “shadow profiles” are involuntary and there’s no opt-out. Facebook even has shadow profiles on people who don’t use the service. For example, even though I’m not a Facebook user anymore, multiple people have uploaded their address books containing my email and phone number to the system, thus allowing Facebook to create a profile of my contacts by looking at who lists me as a contact.

Ofcourse Facebook doesn’t like, and doesn’t use, the term “shadow profiles.” because it sounds like Facebook creates hidden profiles for people who haven’t joined the network, which Facebook says it doesn’t do. Ofcourse the company is not being honest about this, as I just explained.

Most users remain unaware of the reach and power of the”shadow profiles”. Because shadow-profile connections happen inside Facebook’s algorithmic black box, people can’t see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up.

Scary examples: (quotes from Gizmodo)

  • A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.
  • A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
  • A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later.
  • An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

As expected, Facebook does what it can to underplay how much data it gathers through contacts, and how widely it casts its net. “People You May Know suggestions may be based on contact information we receive from people and their friends,” Facebook spokesperson Matt Steinfeld wrote in an email.

So how do you stop Facebook from collecting data? Contact every person you know who ever received your contact information and uploaded it to Facebook and ask them to go to Facebook’s contact management page and delete it. That is really the only way.

Just don’t miss anyone. “Once a contact is deleted, we remove it from our system, but of course it is possible that the same contact has been uploaded by someone else,” Steinfeld wrote in an email.

Sources: BoingBoingGizmodo