Social security number predictability exposes citizens to ID theft

US researchers were able to predict US citizens' social security numbers from publicly available information, raising the risk that criminals might steal...

Ian Grant

Published: 18 Aug 2009 12:16

US researchers were able to predict US citizens' social security numbers from publicly available information, raising the risk that criminals might steal identities to commit fraud.

Alessandro Acquisti and Ralph Gross of Carnegie Mellon University, found that information about an individual's place and date of birth could be used to predict his or her social security number (SSN).

Writing in the Proceedings of the National Academy of Sciences they said, "Using only publicly available information, we observed a correlation between individuals' SSNs and their birth data, and found that for younger cohorts the correlation allows statistical inference of private SSNs."

The inferences are made possible by the public availability of the Social Security Administration's Death Master File (DMF) and the widespread availability of personal information from multiple sources, such as data brokers or profiles on social networking sites, they said.

"Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums," they said.

The authors said that SSNs had become authenticators of many different types of transaction in much the same way that an identity number does, and as such they have become sought after by identity thieves.

"We showed that it is possible to predict, entirely from public data, narrow ranges of values wherein individual SSNs are likely to fall. Unless mitigating strategies are implemented, the predictability of SSNs exposes people to risks of identify theft on mass scales," they said.

Using their method, they identified the first five digits for 44% of DMF records of deceased individuals born in the US between 1989 and 2003 in a first attempt, and the complete SSN in fewer than 1,000 attempts for 8.5% of those records. This made an SSN the equivalent of a three-digit financial PIN, they said.

"Such findings highlight the hidden privacy costs of widespread information dissemination and the complex interactions among multiple data sources in modern information economies. This underscores the role of public records as breeder documents of more sensitive data," they said.

Social security number predictability exposes citizens to ID theft

US researchers were able to predict US citizens' social security numbers from publicly available information, raising the risk that criminals might steal...

Read more on IT risk management

TIN (Taxpayer Identification Number)

Equifax data breach affected 2.4 million more consumers

Equifax breach response deemed insufficient in multiple ways

motor vehicle record (MVR)

SearchCIO

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

SearchSecurity

Microsoft releases tools as Exchange Server attacks increase

McAfee sells off enterprise business for $4 billion

Rebuild security and compliance foundations with automation

SearchNetworking

Will enterprises adopt SONiC OS and disrupt proprietary WAN?

Enterprise edge is telecom operators' new frontier

NOC performance metrics for optimal operation

SearchDataCenter

CRAC design upgrades simplify HVAC maintenance

IBM leans on Red Hat to adapt Power servers for hybrid cloud

Private cloud certificates to build up your tech skills

SearchDataManagement

Oracle Database 21c looks for adoption of blockchain tables

Yugabyte raises $48M to build out distributed SQL database

What is a data warehouse analyst?