Researchers: Social Security Numbers Can Be Guessed
By Brian Krebs
Washington Post Staff Writer
Monday, July 6, 2009; 6:05 PM
Researchers have found that it is possible to guess many -- if not all -- of the nine digits in an individual's Social Security number using publicly available information, a finding they say compromises the security of one of the most widely used consumer identifiers in the United States.
Many numbers could be guessed at by simply knowing a person's birth data, the researchers from Carnegie Mellon University said.
The results come as concern grows over identity theft and lawmakers in Washington push legislation that would bar businesses from requiring people to supply their Social Security number when purchasing a good or service.
"Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive," said Alessandro Acquisti, assistant professor of information technology and public policy at Carnegie Mellon University, and a co-author of the study.
A Social Security Administration spokesman said the government has long cautioned the private sector against using a Social Security number as a personal identifier, even as it insists "there is no fool proof method for predicting a person's Social Security Number."
"For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs," which should make it more difficult to discover numbers in the future, Mark Lassiter, a spokesman for the Social Security Administration, said by e-mail.