Tumbling to SSN privacy
Being right isn’t always satisfying. In June 2006, I wrote:
Giving out the last four digits of your Social Security number makes your entire number a lot more vulnerable. Armed with a computer and an on-line authorization site that doesn’t care if an SSN is checked every day, they probably won’t have any problem finding the rest. Your only hope is that they won’t want to.
Hadley Leggett interviewed privacy researcher Alessandro Acquisti in a July 2009 article on Wired:
There’s only a few short steps between making a statistical prediction about a person’s SSN and verifying their actual number, Acquisti said. Through a process called “tumbling,” hackers can exploit instant online credit approval services—or even the Social Security Administration’s own verification database—to test multiple numbers until they find the right one.
And that was without having the last four digits. Social Security Numbers should never have been used as a combination username and password.
In response to The last four digits of your social security number: The last four digits of your social security number are the least guessable part of your SSN.
- Social Security Numbers Deduced From Public Data: Hadley Leggett
- “By analyzing a public data set called the ‘Death Master File,’ which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.”
More social security numbers
- The last four digits of your social security number
- The last four digits of your social security number are the least guessable part of your SSN.