Social Security Numbers Easily Cracked

By on Feb 24, 2011

It is easier than ever to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft.

Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people born on the East Coast were assigned the lowest numbers and those born on the West Coast were assigned the highest numbers. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researches had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” The researches concluded, “Unless mitigating strategies are implemented, the predictability of SSNs exposes people born after 1988 to risks of identify theft on mass scales.”

While the researchers’ work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations, and educational institutions.

The problem stems from that fact that our existing system of identification is seriously outdated. We rely on nine digits as a primary identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. This problem can only be remedied by incorporating multiple levels of authentication into our identification process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Visit CounterIdentityTheft.com to educate and protect yourself.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on CounterIdentityTheft.com

About the Author

McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. Take a look at our latest blogs.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs