• haroldstork@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 months ago

      Yes, but according to that same article, “49% of the SSNs exposed don’t include the minimum quality to pose a risk for identity attacks”. So it’s more like 136 million.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        9
        ·
        4 months ago

        Even still,

        Even if only 51% of the SSNs exposed hold a minimal quality to be used in identity attacks, this translates to added risk to an unprecedented 138 million people.

        Plus, identity attacks are not the only risk of this data being exposed. Stalkers, violent offenders etc. now have addresses/phone numbers and other info they can use as well. Their definition of identity attack also may not be the same as yours. Even if it’s just a name and SSN, that may not qualify to them, but could be useful to someone else in a negative way.

  • Imprint9816@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    4 months ago

    It sounds like they just report the number they are sure of at the time and update the filing later. Very high chance the number of affected is much more then 1.3M - the number of unique email addresses alone makes it pretty clear its more.

    The situation doesn’t come without precedent either. It’s not uncommon for organizations disclosing data breaches with US state officials to update those filings down the line as investigations into potentially compromised data continue.