Social security number predictability exposes citizens to ID theft
US researchers were able to predict US citizens' social security numbers from publicly available information, raising the risk that criminals might steal...
US researchers were able to predict US citizens' social security numbers from publicly available information, raising the risk that criminals might steal identities to commit fraud.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Alessandro Acquisti and Ralph Gross of Carnegie Mellon University, found that information about an individual's place and date of birth could be used to predict his or her social security number (SSN).
Writing in the Proceedings of the National Academy of Sciences they said, "Using only publicly available information, we observed a correlation between individuals' SSNs and their birth data, and found that for younger cohorts the correlation allows statistical inference of private SSNs."
The inferences are made possible by the public availability of the Social Security Administration's Death Master File (DMF) and the widespread availability of personal information from multiple sources, such as data brokers or profiles on social networking sites, they said.
"Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums," they said.
The authors said that SSNs had become authenticators of many different types of transaction in much the same way that an identity number does, and as such they have become sought after by identity thieves.
"We showed that it is possible to predict, entirely from public data, narrow ranges of values wherein individual SSNs are likely to fall. Unless mitigating strategies are implemented, the predictability of SSNs exposes people to risks of identify theft on mass scales," they said.
Using their method, they identified the first five digits for 44% of DMF records of deceased individuals born in the US between 1989 and 2003 in a first attempt, and the complete SSN in fewer than 1,000 attempts for 8.5% of those records. This made an SSN the equivalent of a three-digit financial PIN, they said.
"Such findings highlight the hidden privacy costs of widespread information dissemination and the complex interactions among multiple data sources in modern information economies. This underscores the role of public records as breeder documents of more sensitive data," they said.
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments