Government and industry rely on Social Security numbers as a fail-safe way to ensure people are who they claim to be, but massive data breaches have led cyber-security experts to argue the nine-digit identifier is past its prime.
High-profile data breaches have dumped hundreds of millions of Social Security numbers into the on-line wilderness recently, fueling a rise in identity theft and financial fraud. In 2015, experts estimated between 60 and 80 percent of Social Security numbers have at some point been stolen by hackers, and that was before the massive breach at Equifax exposed information on 143 million Americans last year.
“Social Security numbers are so deeply compromised and so widely available to the public...that they can no longer be used as an authenticator,” said Paul Rosenzweig, a cyber-security expert at the R Street Institute, before the House Ways and Means Subcommittee on Social Security. While he and other witnesses largely agreed the number can still work as a unique government ID, the days of using it to prove someone is who they say are long over.
“Using my Social Security number as an authenticator is as stupid as using the last four letters as my last name as authenticator, or the last four digits of my phone number,” said Rosenzweig. (NextGov, May 17, 2018)
--
You should never provide your SSN unless specifically required to do so by law. Request that businesses and organizations that use your SSN for identification purposes adopt and use an alternate method. As explained in the Next Gov article, using an SSN for identification is just not safe.
As we saw in my blog post in January 2018, even the Social Security Administration states that: Organizations should avoid using Social Security numbers (SSNs) as identifiers for any type of transaction.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.