Data Management

I Just Found 10 Million SSNs

Date Added: Jul 2009
Format: PDF

The threat originates from the interaction of three (individually innocuous) trends: greater (self) publication of personal information; well-meaning government attempts to prevent SSN fraud (which backfires); and the increasing automation of SSN assignment systems (which introduces regularities attackers can exploit). An attacker could exploit these trends by analyzing publicly available records from the SSA Death Master File (DMF) to detect statistical patterns in the SSN assignment for individuals whose deaths have been reported to the SSA; and then, by interpolating an alive person's state and date of birth with the patterns detected across deceased individuals' SSNs, to predict a range of values likely to include his SSN.