Guessing your Social
No, this isn’t a new game at the county fair. Researchers at Carnegie Mellon University say they’ve figured out a way to predict Social Security numbers — in some cases, with frightening accuracy.
From the researchers’ sample, it was possible to identify in a single try the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born from 1973 to 1988. It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts.
The accuracy of the prediction system increased for smaller states and for people born after 1988. The accuracy was higher for those born in the late 1980s and after because of rules that led increasingly to the assignment of Social Security numbers at birth.
In one case, the study nailed down one out of 20 entire SSN’s in less than 10 tries for people born in Delaware in 1996.
Researchers used government data that is publicly available in a database called the Death Master File. It lists the SSN’s of people who have died. They combined that data with date of birth and birthplace information, which are used to construct SSN’s. Plenty of people make that information available, on Facebook, for example. Ironically, financial companies use the Death Master File to match records in hopes of preventing identity theft.
The researchers said it wouldn’t be easy for cybercriminals to reconstruct their methodology, but sophisticated hackers might be able to do it. Without going into too much detail, they lay out a scenario in which cybercriminals trying to guess SSN’s for men born in West Virginia in 1991 could get the numbers of as many as 47 people per minute.
The Social Security Administration’s response:
“The public should not be alarmed by this report because there is no foolproof method for predicting a person’s Social Security number,” said the spokesman, Mark Lassiter. “The method by which Social Security assigns numbers has been a matter of public record for years. The suggestion that Mr. Acquisti has cracked a code for predicting an S.S.N. is a dramatic exaggeration.”
For decades, Mr. Lassiter said, the agency has cautioned the private sector against using the Social Security number as a personal identifier. He also said the agency was in the process of creating a random system for assigning numbers, which will be put in place next year.
That sounds like a good idea. Here’s the link to the study.
We’re here to help you navigate this changed world and economy.
Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.
In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.
Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.