A few weeks ago Internet security outfit McAfee analyzed data published by several sources, and put together a list of the ten most dangerous places for you to give out your social security number. By which we mean, the top 10 places that legitimately ask for your social security number, and to which you would be inclined to provide your SSN. These include banks, hospitals, and your own local government.
Using data from such places as the Open Security Foundation, the Privacy Rights Clearinghouse, and the Identity Theft Resource Center, McAfee’s Robert Siciliano, McAfee’s resident identity theft expert, analzyed and collated the information related to more than 500 data security breaches, involving social security numbers, that had occurred in the past 22 months.
500+ breaches over 22 months. That means that, on average, there are more than 5 data security breaches involving social security numbers every week!
By far the sector with the most social security number data breaches were institutions of higher learning (universities and colleges), averaging nearly 5 such breaches a month – more than one a week.
But if you think that because you are past university age, and have no offspring attending these venerable institutes, you are safe, well, not so fast. Because banks and other financial institutions are a close second, with 96 such breaches in the past 22 months (averaging almost exactly one a week).
Hospitals placed third, and then in 4th place, 5th place, and 6th place are state, local, and Federal governments, in that order. In fact, if you add the total number of social security data breaches for the three types of government, there were 134 data breaches for the govermental sector, averaging more than six such breaches a month.
Finally medical services businesses, non-profit agencies, technology companies, and medical insurance companies and medical offices round out the bottom four most dangerous places to trust your social security number, but don’t let that fool you, because taken as a whole, those bottom four experienced 93 social security number-leaking breaches in that twenty-two month period – still nearly one a week.
Says Siciliano, “For the past 70 years, the social security number has become our de facto national ID. But functionality creep, which occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform, soon took effect.”
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Siciliano goes on to explain that “You’re forced to disclose your social security number regularly, and it appears in hundreds or even thousands of files, records, and databases, accessible to an untold number of people. Anyone who does access your social security number can use it to impersonate you in a hospital, bank, or just about anywhere else.”
According to Javelin security, nearly a third of all identity thefts start with the identity thief acquiring the victim’s social security number.
And make no mistake – it is very easy for criminals to acquire your SSN. A few months ago we were the victims of such identity theft – and, because we are who we are, we were able to pretty quickly determine quite a bit about the thieves, including how they got our identity information. And here’s how they got it: they received it in an email – an email that contained not only our social security number, but our full credit card information (all 16 digits, the expiration date, and the security code on the back) – and that contained the same information for dozens of other people. This was emailed to an account they had opened at a major free webmail provider. That’s right, these criminals simply open a Gmail / Hotmail / Yahoo account, pay someone some amount of money, and get your SSN and credit card details emailed them.
So, what can you do about this? First, be sure to regularly check your banking, credit, and other financial accounts to make sure that there are no unauthorized uses and, if there are, report them immediately.
Second, when asked to divulge your social security number, make it a practice to ask whether it is really necessary to provide your SSN, or are there alternatives? You can refuse to share your social security number, but they can also then refuse to do business with you, at which point you have a choice to make (stand on principle, or give them your SSN in order to receive their service).
Still, we think it’s a good idea to make a practice of not giving it up without a fight (well, maybe not a fight, but at least not without questioning the necessity of divulging your SSN) – if everybody started questioning it each time when confronted with a request for their social security number, perhaps, eventually, businesses, at least, would get the message.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!