- cross-posted to:
- privacy
- cross-posted to:
- privacy
A hacking group called USDoD claims to have stolen 2.7 billion records of personal information from Americans, including their Social Security numbers and physical addresses.
USDoD offered to sell the stolen records, which included personal data for everyone in the US, UK, and Canada, to a forum of hackers.
The data was stolen from National Public Data, a platform that offers personal information to employers, private investigators, staffing agencies and others doing background checks.
Honestly, we need to replace social security numbers if we insist on using them as a form of identification (they never were designed for this); they follow a pattern (which is publicly available) and can be partially predicted without knowing too much about the individual. They were originally for Social Security only (hence their name), but then the IRS decided to use them for ID and then others followed suit, and we got to where we are now
We don’t insist on using them as identification. Insurers, credit companies, and other business interests used them as identifiers and then tried to magically make them secret for some stupid reason that probably involved saving them money.
SSNs are just a string of numbers. My college test scores were posted by SSN in the mid 90s before the credit companies started to pretend they were secret, because it was an easy way to make them visible without posting people’s names. It also helped avoid confusion when two people had the same name.
Some company having access to SSNs should NOT be important in any way. It is, but only because of credit and other companies treating it like a national secret.
It’s an example of how being efficient and being lazy are sometimes just perspectives.