Hackers may have leaked the Social Security Numbers of every American

There's been enough leaks from DMVs, credit bureaus, credit cards, and a myriad of businesses that require an SSN for verification checks by now that if every SSN wasn't already in the hands of attackers I would be surprised.

The small private college I attended in the early aughts used your SSN as your student ID and it was printed on everything. Transcripts, official records, basically any piece of paper with your name on it. You'd even speak it aloud to the worker at the book store to pick up your books for the semester. It was everywhere.

As a kid twenty years ago, I was mildly bothered by it but imagined they must know what they are doing.

Looking back at near 40, with the hindsight of years, I'm flummoxed. Like, what the hell, who's absolutely terrible idea was this?

Great, the sooner a 9 digit number stops being significant, the better. They were never meant to be a ubiquitous identifier/authentication token.

I've never really understood why it's supposed to be considered secret but also has to be given out sometimes and also can't be changed unless in witness protection.

(Information all from Hollywood.)

Other countries don't seem to have this problem? You can have my bank account number, driving licence number, passport number, national insurance number if you want?

Good maybe we'll finally pass a bill to give us better working public identification numbers.

> The data, which is unencrypted, is believed to have been obtained from a broker called National Public Data.

I'd be happy to join a trillion-dollar class action lawsuit against whomever assembled this data without securing it.

Most of my life my SSN was also my drivers license number. Then my state a few years ago changed the numbers. Great! Now some hotels want to copy both sides of your license before renting you a room. My doctors office and local hospitals copy them too.

A few years ago, Capital One credit cards wouldn't let us pay our bill online, which we had done for several years, unless we sent them a copy of both sides of our DL's! I called them and said no thanks and they said I would have to began paying through the mail. We paid off both cards and canceled them.

Have said all this, it's prob just a matter of time before my DL number is hacked by someone through some weakly secured site.

Fortunately Social Security numbers aren't used for anything other than Social Security! Right?

Right???

Maybe we can finally stop using the SSN as if it were both a public and private key...

A few weeks ago I started receiving notices that my SSN was detected online by the identity monitoring company I use. I guess this is the source of that.

Around a year ago my identity was stolen (new CCs opened in my name). At that time I froze my credit on all 3 of the agencies. It's easy to turn it off/on with a switch so I have left it frozen. Its a good feeling knowing that no one can open a new CC in my name.

Sadly, financial institutions will continue to use knowledge of your SSN and DOB as proof that you are who you claim you are. And if you're not, that's the problem of the sucker whose identity got stolen.

Financial institutions in America prioritize convenience over security.

The owner of Jerico Pictures, Salvatore Jr. Verini, also registered a new company this year called National Criminal Data LLC.

https://search.sunbiz.org/Inquiry/CorporationSearch/SearchRe...

What else is new? It seems every week there is some massive data dump of private information. Until people/CEOs start going to jail for lapses in security, that allow these hacks to happen, things will not improve.

mirror of the leaked data:

   awk 'BEGIN{for(i=0;i<=999999999;i++)printf"%03d-%02d-%04d\n",i/1000000,i/10000%100,i%10000}'

The distribution of SSN numbers in the US is well known including the special use for railroad and US territories with sequential numbers. I dissected much of that through historical publication of the death master database and made a lookup for it at https://numchk.com/ as a fun side project.

I'm from the USA so I don't have great perspective here. Don't other countries have basic secure chips in their cards? Don't they attenuate or whatever similar to how NFC works?

I mention it because I have little hope in going after the scammers legally or playing cleanup later.

I do not care. My SSN has been leaked for a decade at least. I have freezes on all my credit history. I file my taxes with a PIN. I need photo ID to get medical treatment and get it billed to my insurance. SSN is not the secret thing it once seemed to be (but never really was).

why has the US government never forbidden anyone else using it?

is it just the usual "the US government is catastrophically compromised by the private data monetisation industry"?

Mine has been leaked so many times at this point that I'll openly share it with anyone that wants it. Anyone here want my SSN? Just DM me. <3

What’s interesting to me is that the company, “National Public Data” is a wholly owned subsidiary of a company called Jerico Pictures (yes without the h)

What the heck business model explains a video production company owning personal data for practically every American? I feel like there is a lot more than meets the eye on this one.

The sooner Americans don't have an unauthenticated, reused, primary key and serial number, the better.

And why is one magic number so critical?

No one checks who uses that number? How is that even a thing?

I have identity protection from three different leaks now...

Social Security numbers should simply be banned.

> Hackers may have leaked the Social Security Numbers of every American

...thus making them available to the the only group left without easy access.

My larger point being that it's time to shift our concern from privacy - to disproportionate privacy.

It isn't randos who routinely harm/exploit us with our own data but those in power.

I suggest that equal privacy would serve us far better than privacy laws that target us and few else.

For equal privacy, the default starts out somewhere near: If you can see mine, I can see yours. If you're going to restrict just us, 1) you need to openly+clearly justify it and 2) the restrictions need to sunset.

when i went to jail in boston (peaceful protest), BPD wouldn't release us until we gave them our social security numbers. when we showed up to court, they gave everyone a packet that contained the name, home address, mugshot, and social security number of everyone that was arrested. half of the time of the court proceedings was the NLG saying hey, what the fuck are you doing? can you please redact this?

I hate to be this way.

Good! When Congress Critter's little blond granddaughter gets pwned (someone takes her identity), maybe Congress will get real serious about really punishing these Companies when a breach happens.

But we know what will really happen in this scenario, the Company will get funding (bailout) from the Feds, the CEO will resign with millions of USD, the CEO will become a lobbyist.

And in reality, the granddaughter will get special treatment from the Company due to who she is.

Oh No! \s

As if SSN wasn't already the most insecure form of identification on the planet. Maybe now we can stop pretending it's a valid form of identification.

Great, more training data for LLMs...