Guessing your Social
No, this isn’t a new game at the county fair. Researchers at Carnegie Mellon University say they’ve figured out a way to predict Social Security numbers — in some cases, with frightening accuracy.
From the researchers’ sample, it was possible to identify in a single try the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born from 1973 to 1988. It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts.
The accuracy of the prediction system increased for smaller states and for people born after 1988. The accuracy was higher for those born in the late 1980s and after because of rules that led increasingly to the assignment of Social Security numbers at birth.
In one case, the study nailed down one out of 20 entire SSN’s in less than 10 tries for people born in Delaware in 1996.
Researchers used government data that is publicly available in a database called the Death Master File. It lists the SSN’s of people who have died. They combined that data with date of birth and birthplace information, which are used to construct SSN’s. Plenty of people make that information available, on Facebook, for example. Ironically, financial companies use the Death Master File to match records in hopes of preventing identity theft.
The researchers said it wouldn’t be easy for cybercriminals to reconstruct their methodology, but sophisticated hackers might be able to do it. Without going into too much detail, they lay out a scenario in which cybercriminals trying to guess SSN’s for men born in West Virginia in 1991 could get the numbers of as many as 47 people per minute.
The Social Security Administration’s response:
“The public should not be alarmed by this report because there is no foolproof method for predicting a person’s Social Security number,” said the spokesman, Mark Lassiter. “The method by which Social Security assigns numbers has been a matter of public record for years. The suggestion that Mr. Acquisti has cracked a code for predicting an S.S.N. is a dramatic exaggeration.”
For decades, Mr. Lassiter said, the agency has cautioned the private sector against using the Social Security number as a personal identifier. He also said the agency was in the process of creating a random system for assigning numbers, which will be put in place next year.
That sounds like a good idea. Here’s the link to the study.
Marketplace is on a mission.
We believe Main Street matters as much as Wall Street, economic news is made relevant and real through human stories, and a touch of humor helps enliven topics you might typically find…well, dull.
Through the signature style that only Marketplace can deliver, we’re on a mission to raise the economic intelligence of the country—but we don’t do it alone. We count on listeners and readers like you to keep this public service free and accessible to all. Will you become a partner in our mission today?