The Equifax data breach happened in 2017. Information from 145 million Americans was compromised. Immediately the National Institute of Standards and Technology advised all government agencies to stop using what's called Knowledge-based Verification.
That included only asking people for date of birth, social security number and address to verify their identities when applying for benefits.
But two years later The Government Accounting Office found the USPS, Centers for Medicare and Medicaid, the Department for Veterans Affairs and the Social Security Administration still use this verification method. CNET looked at the report and what the response was.
Those agencies told the GAO that while the NIST recommended to stop using the verification, they didn't provide any viable alternatives. there are some though, including authentication in person or using mobile devices to check in.
So, where does it all stand? The Postal Service, and Social Security confirm they're looking into alternatives but don't expect anything to change until 2020.
The VA uses supplemental methods with the outdated method. And Medicare/Medicaid said their users prefer the easier but unsecure method even with the fraud danger.