During a routine check of her new 401(k) account, “Holli” discovered something that wasn’t quite right. The name of another person was attached to her account. A person she didn’t know.

It is something the experts call Social Security Number-only identity theft. And it is more popular than you might think.

On Friday I mentioned that Todd Davis of LifeLock, the guy that you hear spouting his SSN in radio and print advertisements in an effort to prove that his system is so secure, had been hacked 87 times in obvious efforts to scam. What is unknown and unknowable, really, is the number of times his SSN has been used simply for employment, aggravating the immigration issue.

Holli discovered that the person piggybacking on her SSN was a man named Paulino Rodriguez, a resident of Escondido, CA. He was using her SSN to work at a local Burger King.


Escondido is Ground Zero of the immigration debate. Just a few minutes north of the Mexican border, near San Diego, Escondido is home to thousands of Mexican immigrants who battle their way every day into the country and into gainful employment. Mexicans have been fighting in Escondido for a long time. Not far away, in 1846, U.S. forces were routed in the Battle of San Pasqual during the Mexican-American war, the worst American defeat of the conflict. Today, some say, Mexicans are again overwhelming American forces in a different kind of battle.

For the past three years, Paulino Rodriguez used Holli’s Social Security number for the right to work at the Escondido Burger King. Recently, with his wife and four children, he took up residence in a middle-class subdivision on Espanas Glen Street in Escondido, a short block near Interstate 15.

Rodriguez, according U.S. immigration officials, is a Mexican national with no right to work in the United States. But thanks in part to Holli’s Social Security number, he had found a decent life for his family in Escondido, which means “hidden” in Spanish. But that life was safe only if no one found out he was sharing Holli’s identity.

Across America, perhaps millions of U.S. citizens are sharing their identities with undocumented workers who are virtually hiding behind Social Security numbers like Rodriguez. The data on the subject are incomplete, but each year nearly 10 million workers pay their taxes using the wrong Social Security number. While this can happen for a variety of reasons, most often it involves restaurant and farm workers, suggesting many of those 10 million workers are employees who are using someone else’s SSN to satisfy federal employment requirements.

The really sad note to this case is that Holli had to not only do all the legwork — easy because she had all of Paulino’s information available to her — but every so-called authority she contacted couldn’t help her. Even when she told Rodriguez’s employer, Reddy Restaurants, Inc., that he was working on her stolen SSN, they declined to get involved. She called the Social Security Administration, the Federal Trade Commission, her 401(k) administrator, and even an attorney only to hear the same thing, “We can’t help you.” Her attorney explained that as long as her credit hadn’t been affected, it wasn’t a criminal issue.

Fortunately, Holli is persistent and convinced her local police department to take a report and forward it to Escondido police. Then she followed up with Escondido police until the report was passed to the investigations department and Detective Damon Vander Vorst. Vander Vorst arrested Rodriguez on May 13 on charges of identity theft and falsifying government documents.

Rodriguez is currently at Vista Detention Facility awaiting disposition of the criminal charges. Meanwhile the Immigrations and Customs Enforcement agency has taken an interest in him and placed a “hold” on him. That means that he is “subject to deportation” according to an ICE spokesperson.


Immigrant imposters usually just provide a Social Security card to their employer on their first day of work to fulfill what’s known as the “I-9” requirement. Since new employment rules took effect in 1983, U.S. workers must supply documentation to prove they are eligible to work; nearly always, a Social Security number is used. While employers can call the Social Security Administration to perform limited verification of the information, that’s seldom done. So it’s possible — in fact common — that employees’ names and numbers don’t match. When that happens, no one gets credit for the taxes paid by the worker. The money simply ends up in the U.S. Treasury. Since 1983, more than $500 billion in uncredited Social Security wages have been earned by so-called “no match” employees like Rodriguez. That hidden financial benefit for the government is one reason, Holli suspects, that agencies don’t act more quickly on reports of SSN-only identity theft.

San Diego-based immigration rights advocate Lilia Velasquez sees similar cases in her practice all the time. Imposters run the spectrum from hardened criminals who ultimately take out loans in the victim’s name to well-intentioned Mexicans who are simply doing what they need to do to get a job and feed their families. “It’s not that these people intentionally and maliciously stole someone’s name and identity. … They may feel that they are using the number out of sheer need,” she said.

But victims like Holli should do what they need to do to protect their identities, Velasquez said. “That’s a situation which needs to be investigated until the issue is resolved.”

While no one seems to be able to do anything in cases of SSN-only identity theft, there is a clear indication that perhaps some rethinking of the laws may be in order. Three years ago a Chicago woman discovered that 37 people had used her SSN to obtain employment. But the use of the SSN doesn’t show up on credit reports so it won’t show up in credit monitoring. And since wages earned by the imposter aren’t credited to the victim, it won’t show up on an annual Social Security statement. The only way to discover the misuse is through chance.

What things do you do to safeguard your information? What do you teach your end users to do?