Indeed, I think if our government weren't absurdly corrupt and incompetent that breach should have triggered two things:
1. Announce a timeline to publish SSNs publicly for all people (forcing function for businesses who might drag their feet)
2. Before #1 comes to pass, issuance of actual credentials to replace SSNs for multiple purposes, credentials that
A. can be validated in an online process
B. you can get multiple credentials that all tie back to a secure identity for credit reporting purposes, and you can be notified when new credentials are generated
C. and (*crucially*) can be invalidated for future use when compromised
3. Regulation of the consumer credit reporting industry to force them to only report future credit report lines where identity was validated according to the new process, not just from "1FA" based on a number the credit industry themselves already leaked for the whole country.
#2 is not easy! It would be a massive project. But it's hard to argue that keeping the absurd "secret 9 digit number" joke going isn't even less viable than taking that project on would be.
1. Announce a timeline to publish SSNs publicly for all people (forcing function for businesses who might drag their feet)
2. Before #1 comes to pass, issuance of actual credentials to replace SSNs for multiple purposes, credentials that
3. Regulation of the consumer credit reporting industry to force them to only report future credit report lines where identity was validated according to the new process, not just from "1FA" based on a number the credit industry themselves already leaked for the whole country.#2 is not easy! It would be a massive project. But it's hard to argue that keeping the absurd "secret 9 digit number" joke going isn't even less viable than taking that project on would be.