This is testimony given to Congress sixteen years ago by Marc Rotenberg, the executive director of the Electronic Privacy Information Center. Since 2001, Rotenberg and other privacy experts have been shouting about the SSN-pocalypse. Shoulda listened to Marc!Reached by email today, 16 years after his testimony, Rotenberg told us: "SSN. The eternal privacy issue.""Too many organizations continue to rely on the SSN as an identifier," he said. "And the fact that Experian—a company that advises consumers and companies on how to deal with ID theft—got hacked is beyond belief."Huge numbers of SSNs have been hacked, leaked, or otherwise mishandled in major data breaches at Equifax, Experian, the Office of Personnel Management, the Kansas Department of Commerce and others."I believe that legislation to limit the collection and use of the SSN is appropriate, necessary, and fully consistent with US law. I also believe that if Congress fails to act, the problems that consumers will face in the next few years are likely to increase significantly.
It is important to emphasize the unique status of the Social Security Number in the world of privacy. There is no other form of individual identification that plays a more significant role in record-linkage and no other form of personal identification that poses a greater risk to personal privacy."
Read more: The Motherboard Guide to Not Getting Hacked
SSNs were never designed to be secure, we should stop pretending they are, because they're not and haven't ever been. Burn the SSN."With [the Equifax] compromise, and the OPM one, at this point it's easier for attackers to prove they're 'you' than you can," a security consultant that goes by the name Munin, wrote in a Tweet.You may think it doesn't matter that your SSN could be floating around out there. Let's check in with our man Todd:"It's possible to set up a fraud alert or credit freeze with the three credit bureaus to prevent the first two scenarios, and you can call the IRS and file early to guard against the second.
I'm worried about all the companies that use my Social Security number as authentication. You know, like when you call the bank, and they say is this really you, and you say yes of course, and they say what's your address (included in the breach) and what are the last four digits of your Social (included in the breach), and then they say, fantastic, how may I help you? Except this time it's a thief."