Study Alludes To Government Mishandling Social Security Numbers
An investigation slated for the September issue of Consumer Reports and announced in early August has suggested that government leaks of information resulted in the loss or exposure of about 44 million consumer records from 2005 to mid-2008.
The government’s apparent negligence, evidenced by recent spot examples reported in the news, was worrisome but unsurprising, says Robert Siciliano, identity theft protection expert and chief security analyst for One You Security LLC. He stresses that Social Security numbers are already exposed to the public, and points to his company’s services that render the numbers useless to the thieves who can easily obtain them anyway.
“At the government level, leaks of identifying information useful to thieves occur on a grand scale,” Siciliano says. “This is largely because municipal governments continually fail to update their antiquated processes, which results in officials posting Social Security numbers and more online, for all to see. Most consumers recognize that this is incredibly negligent behavior. But they must also accept the fact that it nevertheless happens, and that privacy is not the answer. Why? Privacy is no longer possible. Consumers must now manage their unfortunate circumstances by turning to services that transform their no-longer-private information into something of no use to the thieves who are going to obtain it anyway.”
In early August, news reports across the United States surfaced to suggest that Social Security numbers, as well as other identifying consumer information, are subject to questionable handling and practices when in the hands of municipal governments:
• In Wayne County, Mich., many residents’ “Social Security numbers, salaries, birth dates and other important identifier information have been on the Web since 2000,” reported Detroit’s Daily Free Press.
• The Associated Press reported that recipients of traffic citations in Virginia and the District of Columbia “could find their Social Security numbers posted on a state Web site if that information is on their driver’s license.” The online documents display full name, address, gender, height, weight and birth date of the drivers and, if their driver’s licenses have the information, their Social Security numbers, too.
• In New York State, The Democrat and Chronicle reported that the Social Security numbers “of hundreds of Monroe County residents who filed for bankruptcy several years ago are available for viewing on the County Clerk’s Web site.” According to the article, the posting online of U.S. Bankruptcy Court documents, which display the information, was regular practice earlier in the decade.
These and other reports were in fact “par for the course,” according to Siciliano, who was unsurprised by Consumer Reports data on the matter announced two days earlier. The publication analyzed records of publicly reported data breaches compiled by the nonprofit Privacy Rights Clearinghouse and found more than 230 security lapses by federal, state and local government from 2005 through mid-June 2008 resulting in the loss or exposure of at least 44 million consumer records containing Social Security or driver’s license numbers and other personal data, according to the press announcement.