Equifax, like Capital One, Home Depot, and Marriott, have also suffered massive data breaches in recent years, putting millions of other people at risk of identity theft and more. But the data breach crisis goes deeper than any single credit bureau or other company. Unless we rethink how we verify our identities, experts say, we’ll just keep falling victim to breaches. That starts with Social Security numbers, which have turned into a vital — but vulnerable — method of authentication.
There were over 1,200 reported breaches in 2018 alone, according to the Identity Theft Resource Center. Those breaches exposed over 400 million records. Social Security numbers were the most commonly exposed piece of information, second only to medical information. And it only takes one or two pieces of personal information for a hacker or identity thief to make someone’s life hell — especially once they have a target’s Social Security number.
“If I have your name and your Social Security number, and you haven’t gotten a credit freeze yet, you’re easy pickings,” says security researcher Jim Stickley. Stickley is a “penetration tester,” meaning businesses pay him to infiltrate their systems in order to find flaws they can fix before the bad guys exploit them. “With that, you can do whatever you want,” he says. “You can become that person.”
The Social Security number — created in 1936 to track Americans’ social benefits — was never meant to be a form of identity verification. “It literally said it on the card,” says Stickley. “For Social Security purposes — not for identification.” But that line disappeared in the mid-1970s, and the single identifier proved convenient when it came time for the U.S. to handle information using computers. Since then, Americans have been using their “social” for everything from applying for a credit card to filing their taxes online.
Proposed national ID programs fell to the wayside due to a lack of support and concerns related to privacy and potential abuse. According to testimony from economist and former Trump campaign advisor Stephen Moore, when the idea of a national ID card was proposed in 1981, former President Ronald Reagan remarked, “My god, that’s the mark of the beast.”
But we shouldn’t be using an unchangeable nine-digit code for verification, Stickley says. It’s a little like having a Facebook password that we can’t change even if we know somebody else has it. “It is absurd,” he says. “Your Social Security [number] is not supposed to be your ID.” One potential solution comes from… TIME