Your Social Security number IS in the Hands of Criminals

Over the years criminals occasionally contact me to tell me about their exploits and often ask how they can get into the “security awareness” business. Everyone wants to be a Frank Abagnale (Catch Me If You Can movie). These crimes are often sociopaths and incapable of functioning normally without eventually resorting to the easy money crimes. I’ve seen it first hand many many times. Anyway, one time an identity thief emailed me my own SSN, basically flexing his muscles and showing me how cool he is.

Honestly, I’m not worried that my SSN is out there. I do things to make it useless to the thief. Read on.

A hacking group called USDoD claimed to have acquired 2.9 billion personal records from National Public Data, a background check company, in April 2024. The stolen data reportedly included names, Social Security numbers, and addresses of individuals from the US, UK, and Canada, potentially encompassing a vast majority of these populations.

Initially, the hackers attempted to sell this sensitive information on the dark web for $3.5 million. However, on August 6, a hacker associated with another group leaked 2.7 billion records, which were partially verified by Bleeping Computer. The hacker also claimed to possess an even larger dataset.

The Social Security number (SSN) has a rich history dating back to 1936. Here are the key points about its historical background:

Origins and Initial Purpose

The SSN was first introduced in November 1936 as part of President Franklin D. Roosevelt's New Deal Social Security program. Its original purpose was to track individuals' earnings history for Social Security entitlement and benefit computation.

Early Implementation

Within three months of its introduction, 25 million SSNs were issued.

• On November 24, 1936, 1,074 post offices were designated as "typing centers" to process Social Security cards.
• The first SSN was officially announced to be assigned to John David Sweeney, Jr. of New Rochelle, New York, though this was not actually the lowest number issued.

Expansion of Usage aka “Functionality Creep”

Over time, the use of SSNs expanded significantly beyond its original purpose:

• In 1943, Executive Order 9397 required federal agencies to use SSNs in new record systems to identify individuals.
• In 1961, the Civil Service Commission adopted the SSN as the identifier for federal employees.
• In 1962, the IRS began using SSNs as official taxpayer identification numbers.

Widespread Adoption

The 1960s saw a dramatic increase in SSN usage due to the computer revolution:

• Government agencies and private organizations began using SSNs extensively for record-keeping and business applications.
• Usage spread to state and local governments, banks, credit bureaus, hospitals, and educational institutions.

Legislative Changes

Several legislative changes further expanded SSN use:

• In the 1970s, laws were passed requiring SSNs for federal benefit programs and authorizing states to use SSNs for various purposes.
• The 1980s saw requirements for SSNs in areas such as military draft registration, commercial driver's licenses, and food stamp program administration.

Modern Usage

Today, the SSN has become a de facto national identification number used for taxation and various other purposes, far beyond its original scope. However, concerns about privacy and identity theft have led to some efforts to limit its use in recent years.

Protecting Your Information

Given the extensive nature of this breach, it's crucial to take proactive steps to safeguard your personal information:

1. Monitor Your Credit Reports: Regularly check your credit reports for any signs of fraudulent activity or suspicious transactions.
2. Credit Freeze: Immediately contact the credit bureaus and request a freeze on your accounts.
3. Update Security Measures: This incident serves as a reminder to strengthen your online security. Consider updating your passwords and implementing two-factor authentication for your accounts.
4. Stay Vigilant: Assume that your personal information may be compromised and remain alert for any signs of identity theft or fraud.

By taking these precautions, you can better protect yourself against potential misuse of your personal information in the wake of this massive data breach.