Nine Easy Numbers Away From ID Theft
The Social Security code is a cinch for hackers to crack.
Carnegie Mellon professor Alessandro Acquisti and graduate student Ralph Gross discovered that Social Security numbers are easily predicted using public data. Below, Acquisti tells how.
Please describe your findings.
We found that Social Security numbers, which are supposed to be confidential, are predictable from publicly available data. We can start with someone's birthday, add the state where they were born and, based on these two pieces of information, infer their Social Security number.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
How?
The assignment scheme for Social Security numbers has been publicly available for many years. Take that scheme, combine data from other sources, apply statistics and data-mining tools, and you can end up with information that is significantly more sensitive than what you started with.
Who is most at risk?
It's easiest to predict the Social Security numbers of people from less-populous states and those born after 1988, when a number of policy initiatives made it more likely that parents would apply for a newborn's Social Security number right away. On average, we can identify the entire nine-digit number in fewer than 1,000 attempts for 9% of people born after 1988. That makes those numbers no more secure than a three-digit PIN.
How do you go from there to identity theft?
To make the algorithm work, you need only information that's public or semi-public for most of us. An attacker has to find a way to exploit the information, and unfortunately, there are many ways. For example, attackers can use botnets -- networks of compromised computers controlled by someone, somewhere. Botnets can be used to run automated queries on an online system, such as an online credit-card application, to verify a Social Security number.
How can we prevent such exploitation?
We need to stop using Social Security numbers as both identifiers and authenticators. The numbers were created to identify earnings in the Social Security program. Your phone number is another example of an identifier. But the password for your voicemail is an authenticator, a secret fact that proves you are who you claim to be. No sane person would use the same digits as identifier and authenticator, but that's exactly the way we use Social Security numbers.
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.
Anne Kates Smith brings Wall Street to Main Street, with decades of experience covering investments and personal finance for real people trying to navigate fast-changing markets, preserve financial security or plan for the future. She oversees the magazine's investing coverage, authors Kiplinger’s biannual stock-market outlooks and writes the "Your Mind and Your Money" column, a take on behavioral finance and how investors can get out of their own way. Smith began her journalism career as a writer and columnist for USA Today. Prior to joining Kiplinger, she was a senior editor at U.S. News & World Report and a contributing columnist for TheStreet. Smith is a graduate of St. John's College in Annapolis, Md., the third-oldest college in America.
-
Here's How To Get Organized And Work For Yourself
Whether you’re looking for a side gig or planning to start your own business, it has never been easier to strike out on your own. Here is our guide to navigating working for yourself.
By Laura Petrecca Published
-
How to Manage Risk With Diversification
"Don't put all your eggs in one basket" means different things to different investors. Here's how to manage your risk with portfolio diversification.
By Charles Lewis Sizemore, CFA Published
-
How to Guard Against Identity Theft in 2025
Scammers are getting better at impersonating legitimate businesses.
By Mallika Mitra Published
-
Roth IRA Contribution Limits for 2024 and 2025
Roth IRAs Roth IRA contribution limits have gone up. Here's what you need to know.
By Jackie Stewart Last updated
-
Four Tips for Renting Out Your Home on Airbnb
real estate Here's what you should know before listing your home on Airbnb.
By Miriam Cross Published
-
Five Ways to a Cheap Last-Minute Vacation
Travel It is possible to pull off a cheap last-minute vacation. Here are some tips to make it happen.
By Vaishali Varu Last updated
-
Social Media Scams Cost Consumers $2.7B, Study Shows
Scams related to online shopping, investment schemes and romance top the FTC's social media list this year.
By Joey Solitro Published
-
How to Figure Out How Much Life Insurance You Need
insurance Instead of relying on rules of thumb, you’re better off taking a systematic approach to figuring your life insurance needs.
By Kimberly Lankford Last updated
-
Amazon Big Deal Days Is Coming! We’ve Got All the Details
Amazon Prime To kick off the holiday season with a bang, Amazon Big Deal Days runs Tuesday, October 8 and Wednesday, October 9.
By Bob Niedt Last updated
-
How to Shop for Life Insurance in 3 Easy Steps
insurance Shopping for life insurance? You may be able to estimate how much you need online, but that's just the start of your search.
By Kaitlin Pitsker Published