Police arrest man accused of burning car, woman still missing

Why are we still using Social Security numbers to identify ourselves?

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

NEW YORK (CNNMoney) — So far this year, hackers have stolen more than 6.5 million Social Security numbers, CNNMoney has found.

That’s the absolute bare minimum. It’s likely much more than that.

Getting at the exact number of stolen SSNs is difficult. No single organization or government agency tallies the number. To arrive at the number, CNNMoney examined two dozen hacks that took place in 2014.

The biggest hacks included the 750,000 that were exposed with the recent U.S. Postal Service data breach, 1.3 million stolen from Montana’s health department in June, and 4.5 million from a nationwide hospital network in August.

The damage from Social Security number theft is real. Criminals use those numbers to steal your identity, ruin your credit and grab your tax refund. It can take years and lawyers to clear this up.

And in some cases, criminals use it to fraudulently bill visits to the doctor. That could alter your electronic medical record, which first responders rely on to treat you during emergencies when you’re passed out. It happened to one man in Oregon, according to Bob Gegg at ID Experts, a privacy software company.

This raises an important question: Why are we still using SSNs to verify our identities if they’re so exposed?

It stands in complete opposition of what every security expert says about protecting your identity. The best way to prove you’re you is to present something only you know. But SSNs are relatively easy to find. With a proper license, you can buy them.

Data brokers sell your Social Security number — or parts of it — every day. One Vietnamese man even managed to buy access to a databases that housed 200 million SSNs. It’s unknown what he did with those numbers.

Yet your bank, cable company and mobile provider still insist it’s the only way to know you’re really you.

Neal O’Farrell, a consumer advocate with the Identity Theft Council, thinks it’s an exercise in the absurd. But alternatives are impossible.

Another national ID number “is too monstrous of a task,” O’Farrell said. Too many Americans oppose it. Besides, they’d get stolen too.

What about biometric identifiers, like fingerprints and iris scans? If the FBI’s new and growing facial recognition system is any indication, Americans are too creeped out by this as well.

“There’s no sensible way to look at it,” O’Farrell said.

But SSNs were never supposed to be used this way. When it was created in 1936, the SSN had a single purpose: tracking what U.S. workers earned to determine benefit levels.


It wasn’t designed to be secret — Social Security numbers aren’t even random. You can figure out the first 5 digits by knowing the state and year it was issued.

When IBM computers arrived in the 1960s, they ushered in an age of SSNs as IDs. In 1961, the federal government started using it for employees, even though most are not eligible to collect Social Security. In 1962, the IRS used it for taxpayers. Law then compelled banks to join in. Colleges and hospitals soon followed suit.

And so, the SSN-as-ID system foolishly remains.

CNNMoney is investigating recent hacks. Have you had money stolen from your bank account? Has someone stolen your identity? Share your story.


  • rfrstormer

    Well Until SS numbers are not tied into our lives as an ID, This will always be a problem. Even if we go for another National ID, it will still be data that can be stolen or bought on the open market.

    The real issue to me, is with the HIPAA and PI Rules, why is this datta being sold? I would think that with this data being out on the market that he banks and companies should just offer free credit check to their customers,

    One of the big problem with the Credit Check services (ones that Home Depot, etc. are referring customers too) is that they largely take the companies money, and they provide no service. I have verified this with the companies that offer credit protection services, by opening an account with them, and then 2 months later requesting to open a credit card or line against my account. I have tried all the major ones, none seem to work or give you any alerts as to problems with requests against your accounts. I even went online (thinking that they did not flag accounts for where I lived) but they did not flag the online account request either.

    They never stop the process or flag it for me to check into. So they offer no value at all. The moral of the story, check your accounts, check your credit bureaus every year (more if you can). And be critical of everything

Comments are closed.