There's been a lot of debate lately about the vulnerability of Social Security numbers, how to protect them, and how to stop strangers from "borrowing" them. A recent ruling by the Colorado Supreme Court that it's not actually identity theft when someone uses your Social Security number, as long as they use their real name and not the name of the real owner of the Social Security number, has brought the debate to the front burner.
And it's especially personal for me, since I recently discovered that the reason the state of California was taking money from my bank account to pay for tax judgments was because the real tax cheat had been using my SSN in court documents.
Security firm ID Analytics released a study recently about the use and misuse of Social Security numbers, and their numbers were, well, truly eye opening. The company did an analysis of nearly 300 million Social Security numbers in the United States and found some very unsettling results.
- 20 Million Americans have multiple Social Security numbers associated with their name
- 40 million SSNs have been attached to more than one name or person.
- 3 to 4 million SSNs have been used to commit identity fraud.
- Nearly one in 7 SSN holders in the U.S. have two or more names attached to their SSN records.
- 140,000 SSNs were associated with five or more people.
- 27,000 were connected to 10 or more people.
- 5 million SSNs have been connected to three or more people.
So how did things get so bad?
Data and security breaches. According to the Privacy Rights Clearinghouse there are have been more than two thousand data breaches in the last five years alone, exposing more than 500 million personal and financial records. These records are believed to include tens of millions of Social Security numbers, many of which end up on the black market.
- Clerical errors. The IRS and Social Security Administration admit that millions of errors are made every year with Social Security numbers (all it takes is one wrong digit) and it can be almost impossible to fix that mistake. Once a consumer is associated with an incorrect SSN, it can stay with them for life.
- Criminals will often apply for credit cards at multiple banks but using almost an identical SSN in each application — each SSN is often just one digit apart.
- Criminals will often use slightly different first names or street addresses in an attempt to hide a criminal record or bad credit history, and the banks or credit bureaus will just use that incorrect or misleading information in their system.
- Identity thieves will match different names to different Social Security numbers in an effort to trick the credit reporting agencies.
And illegal immigration is only adding to the confusion. According to a report by MSNBC, thieves are renting or loaning Social Security numbers to undocumented workers looking for jobs.
MSNBC also reported that in 2007 the IRS estimated that 6 million undocumented workers paid federal taxes and that according to the Social Security Administration, nearly 10 million workers pay taxes each using the wrong SSN, whether deliberately or by mistake.
Largely because of the financial community, the Social Security number has become a secret password to an individual's financial identity. But if it's not much of a secret any more, then it's not much of a password. With growing calls to find better ways to manage personal credit and identity, maybe we'll come to a point where a Social Security number will be no more secret than your name.
Has your company experienced a data breach? We can help. Call us at 1-888-283-1725, or visit us online, for information and security solutions.