Carnegie Mellon University researchers have figured out a way to calculate several — and in some cases all — of the numbers in a person’s Social Security number.
It seems to just confirm what the Social Security Administration has warned for years, that your Social Security number should not be used for confidential identification.
Carnegie Mellon researchers have a Web site called the “SOS Social Security Number Watch,” which gives users the ability to probe information about a specific number.
“If you can successfully identify all nine digits of an SSN in fewer than 10, 100 or even 1,000 attempts, that Social Security number is no more secure than a three-digit PIN,” the authors wrote.
The Web site says:
The Washington Post explained how the researchers figured out how to unlock the Social Security code:
“The Social Security number’s first three digits — called the “area number” — is issued according to the Zip code of the mailing address provided in the application form. The fourth and fifth digits — known as the “group number” — transition slowly, and often remain constant over several years for a given region. The last four digits are assigned sequentially.
“As a result, SSNs assigned in the same state to applicants born on consecutive days are likely to contain the same first four or five digits, particularly in states with smaller populations and rates of birth.
“As it happens, the researchers said, if you’re trying to discover a living person’s SSN, the best place to start is with a list of dead people — particularly deceased people who were born around the time and place of your subject. The so-called ‘Death Master File’ is a publicly available file which lists SSNs, names, dates of birth and death, and the states of all individuals who have applied for a number and whose deaths have been reported to the Social Security Administration.”
