Carnegie Mellon professor Alessandro Acquisti and graduate student Ralph Gross discovered that Social Security numbers are easily predicted using public data. Below, Acquisti tells how.
Please describe your findings.
We found that Social Security numbers, which are supposed to be confidential, are predictable from publicly available data. We can start with someone's birthday, add the state where they were born and, based on these two pieces of information, infer their Social Security number.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
How?
The assignment scheme for Social Security numbers has been publicly available for many years. Take that scheme, combine data from other sources, apply statistics and data-mining tools, and you can end up with information that is significantly more sensitive than what you started with.
Who is most at risk?
It's easiest to predict the Social Security numbers of people from less-populous states and those born after 1988, when a number of policy initiatives made it more likely that parents would apply for a newborn's Social Security number right away. On average, we can identify the entire nine-digit number in fewer than 1,000 attempts for 9% of people born after 1988. That makes those numbers no more secure than a three-digit PIN.
How do you go from there to identity theft?
To make the algorithm work, you need only information that's public or semi-public for most of us. An attacker has to find a way to exploit the information, and unfortunately, there are many ways. For example, attackers can use botnets -- networks of compromised computers controlled by someone, somewhere. Botnets can be used to run automated queries on an online system, such as an online credit-card application, to verify a Social Security number.
How can we prevent such exploitation?
We need to stop using Social Security numbers as both identifiers and authenticators. The numbers were created to identify earnings in the Social Security program. Your phone number is another example of an identifier. But the password for your voicemail is an authenticator, a secret fact that proves you are who you claim to be. No sane person would use the same digits as identifier and authenticator, but that's exactly the way we use Social Security numbers.
-
Think You Know How to Be Happy in Retirement? These 9 Stats May Surprise YouWhen it comes to your retirement happiness, don't believe everything you hear. We've turned to solid research for the facts on finding your bliss in retirement.
-
If You're Retired or Soon to Be, Don't Miss These Tax BreaksThe OBBB offers some tax advantages that are particularly beneficial for retirees and near-retirees. But they're available for only a limited time.
-
Waiting to Retire to Give to Charity? 3 Reasons to Do It NowYou could wait until retirement, but making charitable giving part of your financial plan now could be far more beneficial for you and the causes you support.
-
Seven Things You Should Do Now if You Think Your Identity Was StolenIf you suspect your identity was stolen, there are several steps you can take to protect yourself, but make sure you take action fast.
-
The 8 Financial Documents You Should Always ShredIdentity Theft The financial documents piling up at home put you at risk of fraud. Learn the eight types of financial documents you should always shred to protect yourself.
-
How to Guard Against the New Generation of Fraud and Identity TheftIdentity Theft Fraud and identity theft are getting more sophisticated and harder to spot. Stay ahead of the scammers with our advice.
-
12 Ways to Protect Yourself From Fraud and ScamsIdentity Theft Think you can spot the telltale signs of frauds and scams? Follow these 12 tips to stay safe from evolving threats and prevent others from falling victim.
-
Watch Out for These Travel Scams This SummerIdentity Theft These travel scams are easy to fall for and could wreck your summer. Take a moment to read up on the warning signs and simple ways to protect yourself.
-
Amazon Resale: Where Amazon Prime Returns Become Your Online BargainsFeature Amazon Resale products may have some imperfections, but that often leads to wildly discounted prices.
-
How to Guard Against Identity Theft in 2025Scammers are getting better at impersonating legitimate businesses.
-
Roth IRA Contribution Limits for 2026Roth IRAs Roth IRAs allow you to save for retirement with after-tax dollars while you're working, and then withdraw those contributions and earnings tax-free when you retire. Here's a look at 2026 limits and income-based phaseouts.
