Get Our Email Newsletter

‘It Is Absurd.’ Data Breaches Show it’s Time to Rethink How We Use Social Security Numbers

Equifax, like Capital One, Home Depot, and Marriott, have also suffered massive data breaches in recent years, putting millions of other people at risk of identity theft and more. But the data breach crisis goes deeper than any single credit bureau or other company. Unless we rethink how we verify our identities, experts say, we’ll just keep falling victim to breaches. That starts with Social Security numbers, which have turned into a vital — but vulnerable — method of authentication.

There were over 1,200 reported breaches in 2018 alone, according to the Identity Theft Resource Center. Those breaches exposed over 400 million records. Social Security numbers were the most commonly exposed piece of information, second only to medical information. And it only takes one or two pieces of personal information for a hacker or identity thief to make someone’s life hell — especially once they have a target’s Social Security number.

“If I have your name and your Social Security number, and you haven’t gotten a credit freeze yet, you’re easy pickings,” says security researcher Jim Stickley. Stickley is a “penetration tester,” meaning businesses pay him to infiltrate their systems in order to find flaws they can fix before the bad guys exploit them. “With that, you can do whatever you want,” he says. “You can become that person.”

LP Solutions

The Social Security number — created in 1936 to track Americans’ social benefits — was never meant to be a form of identity verification. “It literally said it on the card,” says Stickley. “For Social Security purposes — not for identification.” But that line disappeared in the mid-1970s, and the single identifier proved convenient when it came time for the U.S. to handle information using computers. Since then, Americans have been using their “social” for everything from applying for a credit card to filing their taxes online.

Proposed national ID programs fell to the wayside due to a lack of support and concerns related to privacy and potential abuse. According to testimony from economist and former Trump campaign advisor Stephen Moore, when the idea of a national ID card was proposed in 1981, former President Ronald Reagan remarked, “My god, that’s the mark of the beast.”

But we shouldn’t be using an unchangeable nine-digit code for verification, Stickley says. It’s a little like having a Facebook password that we can’t change even if we know somebody else has it. “It is absurd,” he says. “Your Social Security [number] is not supposed to be your ID.” One potential solution comes from… TIME

Loss Prevention Magazine updates delivered to your inbox

Get the free daily newsletter read by thousands of loss prevention professionals, security, and retail management from the store level to the c-suite.

What's New

Digital Partners

Become a Digital Partner

Violence in the Workplace

Download this 34-page special report from Loss Prevention Magazine about types and frequency of violent incidents, impacts on employees and customers, effectiveness of tools and training, and much more.

Webinars

View All | Sponsor a Webinar

Whitepapers

View All | Submit a Whitepaper

LP Solutions

View All | Submit Your Content

Loss Prevention Media Logo

Stay up-to-date with our free email newsletter

The trusted newsletter for loss prevention professionals, security and retail management. Get the latest news, best practices, technology updates, management tips, career opportunities and more.

No, thank you.

View our privacy policy.