Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy The Internet United States

OMB Website Exposes Thousands of SSNs 107

msblack writes "The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online. As many as 100,000 to 150,000 individuals may have been affected. The cost to taxpayers just for notifications and credit monitoring is estimated to run $4 million. 'While there was no evidence to indicate whether anyone had in fact used the information improperly, officials at the Agriculture Department and the Census Bureau removed the Social Security numbers from the Census Web site last week. Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today. '"
This discussion has been archived. No new comments can be posted.

OMB Website Exposes Thousands of SSNs

Comments Filter:
  • by User 956 ( 568564 ) on Friday April 20, 2007 @03:41PM (#18816799) Homepage
    The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online.

    Sounds like they got the "Social" part right... "Security", not so much.
  • Oh no. (Score:4, Funny)

    by Mockylock ( 1087585 ) on Friday April 20, 2007 @03:43PM (#18816835) Homepage
    Was 565-459-9342 on the list? If so, can you please take it off?
    • Re: (Score:2, Funny)

      by Kawolski ( 939414 )
      Can you provide all your credit card numbers too just in case one of them are on the site?
    • Was 565-459-9342 on the list?

      You can't fool us Mockylock.
      That's your /. ID from the year 2143 and you've traveled back in time to make a first post.
      Diabolical!

      • You'd think if he had a time machine he'd bother to actually get the first post...
        • You must be new here.

          Or...

          Maybe the comment you made in response to his first post in the future was so harsh, so biting, so damaging to his very core, that he went back in time to prevent you from crushing his soul beneath your heel, like a child steps on an ant?

          Huh? Why didn't you think of THAT!?

          -Red

      • Sadly, in 2143, there will be a need for a post like that. I don't think we will ever get this privacy and security thing right.

        I don't understand why SS numbers should be anywhere close to a web server for them to be accidentally exposed in the first place. Let alone why someone had access to the in order to accidentally expose them that didn't have enough sense to double check his work. I guess using a file servers to hold SS number lists and a completely separate webserver is too much to ask for when My
        • I don't see why SSN's shouldn't be public knowledge. They're not for use by private institutions. They're for use by the Social Security Administration. No one should be using your SSN for identification, period.
  • identity theft? (Score:3, Interesting)

    by homer_s ( 799572 ) on Friday April 20, 2007 @03:44PM (#18816857)

    Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before...

    anyone was stupid enough to identify people using a number which is not supposed to a secret.
  • by Skevin ( 16048 ) on Friday April 20, 2007 @03:46PM (#18816881) Journal
    That's nothing. Right now, I'm going to threaten to expose every single SS number that has ever existed:

    for ($i=1;$i1000000000;$i++) {
        echo $i . "\n";
        }

    The first line of output is Strom Thurmond's or George Burns' SSN.

    Solomon
    • Re: (Score:2, Funny)

      by winmine ( 934311 )
      So your plan of attack is something like this?

      Haxor: Hello I need to withdraw all of the money from my account. My SSN is 123-45-6789.
      Teller: Is your name John Smith?
      Haxor: Uh....yes.
      Teller: Thank you, here is your money!
      • I have walked into banks before and told the clerk I needed to withdraw money from my savings account and then proceeded to give them My account number from memory. Even though I have only been to this branch once or twice before, the teller looked up my account, filled out my withdraw slip and then asked me by _name_ to sign it.

        The funny thing is that no one asked for ID or compared my signature and I doubt they knew who I was. The funniest thing about it, I didn't think twice about it until just now when
    • Re: (Score:1, Funny)

      by Anonymous Coward
      At least make the effort of printing dashes and leading zeros.

      int a, b, c;
      for (a = 0; a < 1000; a++)
      for (b = 0; b < 100; b++)
      for (c = 0; c < 10000; c++)
      printf("%03d-%02d-%04d\n", a, b, c);
    • Re: (Score:2, Informative)

      by notshannon ( 704145 )
      from http://www.ssa.gov/history/briefhistory3.html [ssa.gov]

      Although, John Sweeney received the first SSN account, his was not the lowest number ever issued. That distinction fell to New Hampshire resident, Grace Dorothy Owen. Ms. Owen received number 001-01-0001.
    • by Phleg ( 523632 )

      And people wonder why I love Ruby. Two alternatives, the latter one is more "fun" but slightly less readable for Ruby novices. The latter one reads, "999,999,999 times, run the method puts".

      999_99_9999.times {|i| puts i }
      999_99_9999.times &method(:puts)

      Seriously, which language would you rather use on a daily basis?

  • by HighOrbit ( 631451 ) * on Friday April 20, 2007 @03:47PM (#18816893)
    Here a permanent fix: render SSNs worthless for financial transactions by making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN or keep a record of a SSN for any purpose other than tax collection and Social Security. The employer and bank would only be allowed use it for tax reporting purposes. The credit reporting companies, banks, and data brokers might howl, but too bad. They can use other data identifiers, or even better, learn to personally know their customers beyond a mechanically created credit score tied to a SSN.
    • by Qzukk ( 229616 ) on Friday April 20, 2007 @04:01PM (#18817139) Journal
      The credit reporting companies, banks, and data brokers might howl, but too bad.

      Yes, too bad. It's obvious by now that the market is not going to come up with a solution for this on their own as long as they can use the SSN as a crutch. It's time to yank that crutch back out. The SSN should be discontinued and replaced with a tax id that should only be used for two things: reporting income to the government and paying your taxes or getting your refund. If someone steals my SSN, they're more than welcome to paying my taxes for me, and if they try to hide their income in my tax id we'll find out about it at the end of the year when my tax forms don't match the reports. And if I don't get my refund, well...
    • by ivan256 ( 17499 )
      I have an even better idea. Just get rid of it entirely. The chaos in the financial community will die down rapidly, and the costs will be recovered over time from the lack of incidents like the one in the story.

      The government collected taxes before social security. They didn't need a number for you back then...

      The worst that could happen would be that it would be harder for the government, credit agencies and financial institutions to track you and information about you unless it is directly related to spe
    • The USA PATRIOT act mandates the presentation of a SSN or Tax ID number to open accounts at a financial institution. whee. [gcglaw.com]
    • There is nothing wrong with having a unique identifier for distinguishing between your customers.
      It should be public and fixed, it means that you can distinguish between two different 43 year old John Does from Queens (incidentally, they share a house).

      The problem is not that it is unique, it is that banks assume it is private. There is no magic number a user can type into the keyboard with which a bank can tell if a user is being honest in their responses. *

      Before you say but people can lie and give fals
      • Incidentally, how would you distinguish between the twins I mentioned earlier?


        By their middle names, of course!
      • 'The problem is not that it is unique'

        That is a problem as well. In the world of computer databases it has become far too difficult to be anonymous disappear or even stay private via a crowd.

        If the bank wants to assign me a unique number so they can distinguish between me and other customers then that is great. I don't see any reason there needs to be a global fixed number that some other bank can refer to in order to find out information that is unrelated to my history with them.

        The world functioned before
      • You know, If the banks already blacklisted out of country IPs or at minimum made them go through a proxy that needed validated every so often, (minute) they could eliminate most of the phishing scams and likely stop/limit organized crime in other countries from emptying your accounts if you fall for the scam.

        This could be something done without trusted computing.
    • Here a permanent fix: render SSNs worthless for financial transactions by making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN or keep a record of a SSN for any purpose other than tax collection and Social Security. The employer and bank would only be allowed use it for tax reporting purposes. The credit reporting companies, banks, and data brokers might howl, but too bad. They can use other data identifiers, or even better, learn to personally know their custom

    • Re: (Score:3, Insightful)

      by Shadowlore ( 10860 )
      Too late that law was passed decades ago. Later they changed their minds. How about we go one better and revert to it's original purpose: to identify your Social Security account? nah that won't do it either.

      In 1976 they passed a law:
      "To make, under federal law, unlawful disclosure or compelling disclosure of the SSN of any person a felony, punishable by fine and/or imprisonment."

      Take a peek at http://yro.slashdot.org/comments.pl?sid=231667&op= Reply&threshold=3&commentsort=0&mode=thread [slashdot.org]
      • Oh Gods no, you've gotta be joking. I have far too many numbers as it is, and most of them come from government agencies. National Insurance, NHS, Student Number, Driver Number, Passport Number, Voter Number, Birth Record ID, Disclosure ID Number.

        How about keeping the common identifier so you don't have to remember if your number to put on the form is 184763X/HH8 or 0156-857-39, or maybe even Q-384DS09 and coming up with a decent security infrastructure so you can't have your entire identity stolen by someb
      • The way they're phasing out social security benefits, one might wonder as to what exactly the original purpose of the system actually was. "Sure it's ok to get rid of Social Security, but dammit don't lose those numbers!"

    • making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN

      That ship has sailed. SSNs aren't going anywhere and aren't getting reigned in with their entire purpose for exiting being outmoded.

      If you want to do away with this kind of exposure, eliminate the need for the SSN to be propogated around with financial transactions. In order to do that, you'd have to eliminate the income tax. Who's up for paying 30%+ sales tax to replace the income tax so that they can keep the

    • http://lifelock.com/ [lifelock.com] LifeLock is a fix for the problem of data theft and its a non-government fix making it more attractive, voluntary, and overall less expencive.
    • Uh, I think the real problem is who's responsible for security. If someone else (incluging the USG or it's contractor in my case) looses/publishes my SSN and then a third party accepts it as proof of identity, why is it my fault?

      Just make the bank responsible for positively identifying people and liable for all looses -- including court costs, loss of time, mental energy -- and they'll start taking identity seriously.

  • So how... (Score:5, Funny)

    by FlyByPC ( 841016 ) on Friday April 20, 2007 @03:48PM (#18816925) Homepage
    ...does exposing 30,000 SSNs affect 100,000 to 150,000 people?

    Oh, I get it. The original SSN recipient and the 3-4 ID thieves. Never mind.
    • Re: (Score:3, Funny)

      by HTH NE1 ( 675604 )

      So how does exposing 30,000 SSNs affect 100,000 to 150,000 people?
      One of them was Kevin Bacon's.
    • I exposed myself once. The cops asked me for my Social Security number.
    • I was dying to know, so I actually RTFA only to find that they had no answer either. Either they were lying about the initial figure or you are correct.

  • by Hoplite3 ( 671379 ) on Friday April 20, 2007 @03:49PM (#18816933)
    A "semi-secret" ID number is a bad tool for ID. You don't need to be an expert in cryptography to realize that a password sent around is plain-text is bogus.

    The deeper issue is why identity theft is my problem. Shouldn't the credit agencies etc. be very very liable for loaning money to someone who is not me? It seems like they are part of the fraud whether they were willing participants or not. I should be able to collect damages when their negligent checking of my identity harms my credit score. Identity theft is a con job, where the perp convinces Visa (or whoever) that they are me. Usually, when cons happen, BOTH the conman and the victim are liable for damage caused. Suppose I conned you into thinking I was a cop and told you to drive me around while I robbed banks. You would still be accessory to my crime even if you claimed you didn't know better. Visa wants to (and currently is) claiming that they are not accessory to the theft of my credit score. That's not right.

    The SSN is just a proxy for the fact that there are different standards for people citizens and corporate citizens.
    • Re: (Score:2, Informative)

      by Kattspya ( 994189 )
      I don't get this either. To me it looks like identity theft is mostly an north American problem. In Sweden we've got personal identification numbers that are used in all dealings with the state and sometimes when dealing with banks etc. It's your birth date followed by four digits and the last digits signifies male of female by being even or uneven. I haven't ever heard of any identity theft cases reported in the media. They may happen but they're not on the news or anywhere else.

      I've seen a lot of ID-the
      • Re: (Score:2, Interesting)

        The problem is twofold:

        1. If somebody is the victim of identity theft, they are held responsible for any debts that the criminal creates in their name until they prove the theft occurred. The victim may not know the theft has occurred until months later, when collection proceedings have begun. The problem here is that it is incredibly difficult to prove that those debts were not created by the victim, and the victim can suffer years of harassing phone calls from debt collectors, and a bad credit rating.
      • by lawpoop ( 604919 )
        "Can someone please tell me how this can me more than a small nuisance (i.e. that's not me fix it now please)?"

        The "now" part escalates it from being a nuisance to a process that can draw out from years. People have reported that it has been resolved at the nuisance level, but I have heard other stories of getting lawyers involved, which is an expensive process here in the US. It also affects your credit score to have outstanding issues, which affects the rate at which people will loan you money. If it t
  • How exactly does one "accidentally expose" all this secret-database stuff?
  • Mine (Score:5, Insightful)

    by Sparr0 ( 451780 ) <sparr0@gmail.com> on Friday April 20, 2007 @03:51PM (#18816955) Homepage Journal
    My SSN is 427347246. This is not a secret. Everyone I have ever worked for knows this. Everyone who has ever drug screened me for employment. Everywhere that has ever had to tell the IRS about my gambling winnings. Half a dozen real estate agents. Over a dozen banks, and over a thousand bank employees. Anyone in earshot every time I have ever called my bank. Broward County got it right, publish them all, expose the farce that is SSN secrecy.
    • Re: (Score:2, Funny)

      by eln ( 21727 )
      Your home address, phone number, birthdate, and mother's maiden name are also not particularly secret. Can you post those too? I'm...um...working on a genealogy project.
      • by Sparr0 ( 451780 )
        The first two are on my resume. The third on my profile with any number of online services. The fourth might be tricky, I wouldn't want to make it too easy for you :) For a hint, consider that the prefix on my SSN identifies where I was born.
    • Re:Mine (Score:5, Interesting)

      by crabpeople ( 720852 ) on Friday April 20, 2007 @04:50PM (#18817771) Journal
      Well your name is Clarence Risher [72.14.205.104]. You may have attended austin university [apsu.edu]. LoL, dude I just found your resume so I think I win http://www.trifocus.net/~sparr/resume.html [trifocus.net].

      Address is

      "122 G Stephanie Dr
      Clarksville, TN 37042
      (931) 980-2760 "


      What else do I need for ID theft exactly?

      • Re: (Score:3, Interesting)

        by Sparr0 ( 451780 )
        Thanks for the reminder that my resume is out of date there, my current address shouldnt be much harder to find. Someone above mentioned my birthdate and mother's maiden name, you can come up with those with a little more work. I don't believe in identity theft. Identity borrowage, maybe. If some other guy is out there somewhere using all my info, what do I care? It's not me, and it doesn't impact me in the slightest. What you won't find online is my signature, which would be expensive and/or time con
        • by Faylone ( 880739 )
          So your method for protection from identity theft is to make it so they'll want to return it?
        • "What do I care?"

          Umm... This is really an odd statement, here. What do you care that someone can convincingly file any sort of transaction under your name (SSN and Mother's Maiden Name). What do you care that someone could borrow $150,000, and put up your house as security. What do you care that someone could use your info to launder money, with a trail leading right to you when the feds look into it and an onus on you to prove it wasn't you?

          Your signature isn't out there, correct. This also means that, whe
          • Re:Mine (Score:4, Interesting)

            by shaitand ( 626655 ) on Friday April 20, 2007 @09:20PM (#18820243) Journal
            'Umm... This is really an odd statement, here. What do you care that someone can convincingly file any sort of transaction under your name (SSN and Mother's Maiden Name). What do you care that someone could borrow $150,000, and put up your house as security.'

            These are all problems for someone with good credit and/or assets or maybe even money. For the majority of the population this is not the case. Most of us don't own a home or even a decent car. Most of us have no credit worth mentioning and probably bad credit besides. What difference does it make if the number you owe on paper grows? It isn't like you could have paid what was there anyway. A few more collectors harassing you? That is why you got a machine years ago. Time in court? Please, you can't afford to file bankruptcy, especially if the only purpose it serves to erase an imaginary debt (I say imaginary because the only chance it has of being paid or collected is in the imagination).

            'What do you care that someone could use your info to launder money, with a trail leading right to you when the feds look into it and an onus on you to prove it wasn't you?'

            The burden is on the feds, not on you. Someone must have gained access to your information, you never went to those places and conducted business. The guy on the bank security cameras wasn't you. The information and picture on the ID the bank photocopied doesn't match yours. How about proof of address? What did they use for that? If they used your address then you would have been sent paperwork before that became an issue. And even without any of that, a claim that someone else used your information is easily within the realm of reasonable doubt. The feds would have to prove not only that my information was used but that it was me who used it. That is of course assuming that you can manage to force your public defender to go to trial instead of plea bargaining. Typically they have enourmous case loads and often are regular attorneys who don't want to waste time on the freebie case.

            • Re: (Score:3, Insightful)

              by xlsior ( 524145 )
              These are all problems for someone with good credit and/or assets or maybe even money. For the majority of the population this is not the case. Most of us don't own a home or even a decent car. Most of us have no credit worth mentioning and probably bad credit besides. What difference does it make if the number you owe on paper grows?

              Maybe now you don't care, but what about 5 years from now? 10 years? 20 years? Do you *ever* intend to buy a house? Would you like to receive medicare/medicaid/social secur
  • So 30,000 SS#'s were exposed, and 150k people might be in trouble? So.. does that mean for every SS# 5 people share it?
    • We call them illegals.
    • Re: (Score:3, Informative)

      So 30,000 SS#'s were exposed, and 150k people might be in trouble?

      The person who noticed the SSNs were available identified approximately 30,000 records with SSNs (not sure if that corresponds to 30,000 SSNs, or more -- because each record might have more than one -- or less, because there might be dupes.)

      The subsequent review by the Agriculture Department suggested 100,000 to 150,000 people may have been affected, which I would assume reflects the range of social security numbers that may have been exposed

  • by Shadowlore ( 10860 ) on Friday April 20, 2007 @03:58PM (#18817069) Journal
    What is disturbing to me is not that these SSNs were exposed, but that they were simply included in "other" databases to begin with. We were told that our SSNs would be limited only to those entities that had a legitimate reason to NEED it. The fact that they were included as a matter of common practice belies this claim. The reference to "before identity theft was a problem" is unadulterated crap. Identity theft has been a problem since biblical times (Jacob and Esau)! The reference to it is a red herring.

    What should have been happening is that SSNs should not simply be included in various databases. They should have been following the rules that we were told they were. Whether or not that was successful, they should have had policies and processes for vetting the database for privacy issues prior to dumping it online. Federal privacy laws predate the Internet. The basic notion of checking your data for data that should not be publicly available predates the Internet.

    IMO this is similar to the claim that "nobody imagined using airplanes as missiles before 9/11". The problem of Identity Theft existed, was well documented, and alone should have given them reason to examine their DB first. The basic laws on privacy should have. And failing that common sense should have. This is a failure on many grounds.
    • There's a reason the expression "good enough for gov't work" exists.
    • What should have been happening is that SSNs should not simply be included in various databases.

      No, that's not true. What should be happening is that SSNs should not be useful for identity theft, since (whether or not they are in public databases), SSNs—because they are also tax identifiers for individuals and thus mandatory in a wide number of applications—are not secrets suitable for identification purposes in the first place.

      OTOH, a public identifier like the SSN that serves the role of a ta

  • I first read the headline as "OMG Website Exposes Thousands of SSNs" and wondered if I had typed in digg.com by accident. Of course, if I had, it would read, "OMG!!! Top 10 AMAZING Websites that Expose SSNs!!!!111!1!ones!!! [PICS]"
    • I first read the headline as "OMG Website Exposes Thousands of SSNs"

      Why would the Object Management Group have SSNs on file?
  • mandated that credit card agency could no longer use or collect SSN in anyway, this probelm would go away.

    The credit card agencies can use their own number systems.

    Yes, that system might be comprimised, but damage will always be limited to the CC agencies.

    • > The credit card agencies can use their own number systems.
      > Yes, that system might be comprimised, but damage will always be limited to the CC agencies.

      Yes, and damages will be the liability to the CC agencies as well. This is why they do not do it. This is why the government doesn't push away SS#'s

      If your CC company came up with its own identification system -- and said system was compromised with your identity stolen, they would be liable for your damages. The way it works now, if your SS is stole
  • We've given these Bush "administration" jerks a blank check for years for security, after they barked "PRE-9/11 THINKING!!!" at anyone suggesting they were going too far, it wasn't worth the tradeoffs, or they were incompetent.

    So they have taken all the power and money, and given us ZERO extra security, while routinely sending us into more and worse danger.

    And if anyone had any doubts about how much this Bush regime thinks we're idiots, just watch a replay of their Attorney General shabbily lying and denyin
    • Moderation -1
      100% Offtopic

      You might not like my post, but it's not "Offtopic". Especially when the summary includes this Bush "administration" official running away from responsibility for this breach by saying:

      Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today.'

      In other

  • Thanks a Lot, FDR (Score:3, Interesting)

    by MarkPNeyer ( 729607 ) on Friday April 20, 2007 @04:12PM (#18817305)

    The entire social security program is absurd. Ignoring the economics of the retirement portion of the program, using SSN's for identification is a terrible idea. The program was never initially designed for the numbers to be used as ID's, but the need for one was so overwhelming that people started accepting them.

    Scrap the entire Social Security program. If you think the government ought to force people to prepare for their retirement, withdraw money from their paychecks and put it in a personal account for them. Hell, even a bank account with 1% interest would give you a better return than social security, and it guarantees ownership of your money, instead of allowing the government to waste it building bridges to nowhere when you die.

    Once that's done, let's design a proper identification system, so it doesn't matter if someone gets your ID number.

    • Re: (Score:3, Insightful)

      by lawpoop ( 604919 )
      "Hell, even a bank account with 1% interest would give you a better return than social security,"

      Not if you get disabled at 25 and you draw social security benefits for the rest of your life.

      Social Security is an insurance program. If we got rid of it, we would have destitute old people living out on the streets, like they did during the depression. If that's the society you want to live in, fine. I don't want to see that one bit.
      • Not if you get disabled at 25 and you draw social security benefits for the rest of your life.
        Social Security is an insurance program.

        Please explain why I'm responsible for your insurance bill.

        • by lawpoop ( 604919 )
          It's part of the social contract. If you want to live in a place without government, move to the middle of the Amazon or Somalia, and live under tribe/gang warfare.
    • If you think the government ought to force people to prepare for their retirement

      Lets stop here for a moment. Lets expand that statement...
      "If you think government ought to use the threat of imprisonment or death to force people to prepare for their retirement".

      Because that is what that force means. It also means that you take away their rights and ability to handle their current situations and needs by removing that money from their control. Perhaps for some people using that money to pay of credit debts,
      • by zCyl ( 14362 )

        If people choose to not save and can't make it tough.

        Without SOME sort of government program to insure such, it is impossible to guarantee a retirement fund. Read the history [wikipedia.org] which inspired the program and understand how a solution is necessary. When the economy is okay it's easy to postulate that everybody should just take care of themselves, but the economy does not always STAY okay. It is times like that when a civilized society does not throw it's old people out to rot on the street, which is the out

    • Re: (Score:3, Insightful)

      by TubeSteak ( 669689 )

      The entire social security program is absurd. Ignoring the economics of the retirement portion of the program

      I'm not sure what set of facts you're working from, but the economics of the social security program are fine.

      The problem has been decades of Democratic and Republican Congresses skimnming surplus money off the SS trust fund to cover their budgetary problems.

      Remember how part of Al Gore's 2000 Presidential campaign was to put Social Security funds into a "lock box"? Even then it was too late to 'save

    • Social Security is broken and needs repair.

      When it was started, the average life expectancy was 62 and the benefit collection age was 65. This was by design.

      Now, the average life expectance is 82. The benefit collection age needs to be raised, no exceptions, to 85. If you're 73 and collecting already, too bad. Get a job for another 12 years. If you're 64 and feeling entitled, get over it. Suck it up and keep working. Work is a contribution to society as well as a way to keep your mind active. Retirement is
  • Just for the rest of the world please explain. :)
    • Re: (Score:3, Informative)

      by MarkPNeyer ( 729607 )

      Every American citizen is issued a "social security number." Social Security is a "retirement" program instituted by the American government to provide for its citizens when they retire. The numbers are now used largely to identify citizens by banks, schools, hospitals, and many other organizations. If you have someone else's social security number and driver's license, you can most likely apply for a line of credit in their name.

      It's basically a combination user-id and password which is transmitted i

      • > If you have someone else's social security number and driver's
        > license, you can most likely apply for a line of credit in their name.

        So it is basically flawed since it needs to be a secret and also needs to be known to number of people (like clerks and so on)? Very, very stupid.
        • Yup. You've got it. You're supposed to keep it 'secret' but you have to give it out to a lot of people all the time. It's a really stupid system. George W Bush proposed getting rid of it, but the democrats howled and their really wasn't much popular support.
    • It's a number issued by the US government to people for payroll deductions for old age, survivors, and disability insurance. Anyone who works regularly must obtain a SSN. Many institutions use this number as the student ID number. Because it is unique to each individual, it is widely used as a personal identification number for banks, CC companies, insurance companies, and whoever else to tie a person in a database with an ID.
  • Comment removed based on user account deletion
  • Comment removed based on user account deletion
  • The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online.

    No, actually, the New York Times is reporting that a publicly-released database from the Census Department related to Agriculture Department contained social security numbers. The connections with the OMB are:
    1) Questions about the release were directed to the OMB because the OMB, among other things, coordinates information policies for executive branc

  • by SpaceLifeForm ( 228190 ) on Friday April 20, 2007 @04:35PM (#18817635)
    1. SEC [cnn.com]
    2. DOJ [arstechnica.com]
    3. OMB [nytimes.com]

    "Once is happenstance. Twice is coincidence. The third time it's enemy action."

  • by Demona ( 7994 ) on Friday April 20, 2007 @04:50PM (#18817775) Homepage
    I would have thought that silly Ponzi scheme discredited decades ago.
  • "It is most unfortunate that at least one agency has been inserting personally identifiable information into this database for a number of years," [Gary Bass, executive director of OMB Watch] said. "I'm amazed that, all these years, no one at the Department of Agriculture noticed that they were putting Social Security numbers into a public database."

    Uhhh, dude, if your organization is called "OMB Watch" and hosting a mirror of the database, shouldn't you have noticed that the database contained SSNs??? Not

  • Everyone with power to do something about the situation always wants to limit the distribution of SS#'s, credit card numbers, and other personally identifiable information, as if somehow this will solve identity theft. That's security through obscurity - your SS# is not a password, and trying to keep it secret and keep it safe only leads to failed security.

    The solution is to implement a scheme whereby we can still use SS#'s as an identification number, but where we don't use it as a verification of identit
  • for extra protection always use proxies. http://www.mysecureisp.com/ [mysecureisp.com]

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...