×

Op-Ed: Equifax hack reveals how absurdly at risk Americans are with their Social Security numbers

  • Changing a Social Security number is an onerous process.
  • Hundreds of millions of Americans have had private information, including Social Security numbers, stolen.
  • The number of Americans able to change their Social Security number in recent years has been limited to a few hundred.

The Equifax hack reveals something that is absurdly obsolete: your Social Security number.

The Equifax CEO, Richard Smith, announced his sudden retirement on Tuesday following an epic data breach affecting 143 million people. The announcement comes just a week before he was to testify before the Senate Banking Committee. While his questionable retirement announcement makes for some interesting drama, the real backstory to this is that now is the time to get rid of Social Security numbers.

The amount of identity theft going on in America has been out of control for a long time already. You'd think that if we could just change everyone's Social Security numbers, like changing a password or a credit card number, all past identity threats would be eliminated. With that, we could get a fresh start with some new — and private — form of electronic or biometric tax ID. You'd think it, but that would be too easy, unfortunately.

Equifax employees at a conference in 2017.
Source: Equifax
Equifax employees at a conference in 2017.

Social Security numbers were first handed out in 1936 as a way to keep track of earnings history. They were not meant to be a source of identification. It used to say that right on the Social Security cards. To date, more than 450,000,000 nine-digit combinations have been issued; there are about 1 billion combinations, so no need as of yet for any to be recycled. Do you know what happens to your SS number when you die? It's enough to know that it outlives you.

This pre-WWII relic, nine digits — no letters or symbols — is the primary target of hackers for obvious reason. Everything about us — credit history, tax filings, insurance applications, Medicare/Medicaid applications, credit applications, college admissions applications, hospital admissions, assisted-living facility admissions, DMV, etc. — is attached to your Social Security number. And the worst part? We're stuck with the same nine-digit number for life. It is very difficult to change your number, and only by meeting very strict, onerous guidelines put out by the Social Security Administration can it be done. According to Consumer Reports, in 2014 only 249 Americans got their Social Security number changed.

More from Securing Our Future:
Sen. Bob Corker advises his own family to avoid everything Equifax

The recent Equifax hack early this month is a case in point. 143 million people had their Social Security numbers, along with other private data, stolen. Did you visit www.equifaxsecurity2017.com to see if your private info was stolen? I did, and I'm on the list, which really didn't surprise me at all. Even if you did check, thieves could save your info for years and use it down the road when you think the Equifax hack is old news. And if you were spared the Equifax hack and think your Social Security number is secret, think again.

Among reasons given why Social Security numbers can't be changed:

  • An individual's entire credit history is attached to it.
  • It won't be updated automatically at all government agencies.
  • Even if you could get a new one, the old one will still be active and used for your credit and IRS history.

Basically, we're stuck with it.

Going forward, I'd like to see the Social Security Administration start using a new electronic form of a Social Security number for new applicants, including newborns. Also, it would be great if young people, especially those under 18, could receive a new electronic version, since they are most likely to not have a credit history. For the rest of us, a permanent credit freeze linked to our Social Security numbers is an option, combined with a new and improved version of ID — using multifactor authentication — for new credit applications. The old credit report information will still be there under the Social Security number, but no one would be able to use the old number to apply for credit. And a person can change all their credit card numbers so they won't be reflected on the old credit report.

It would mean everyone would have two credit reports. But look, you should expect to be hacked — so putting a Social Security number and old credit info in cyber-cryogenic freeze may be about as much as we can ever expect to get back.

By Mitch Goldberg, president of investment firm ClientFirst Strategy. Follow him at @Mitch_Goldberg

Homeland Security Advisor Tom Bossert and Palo Alto Networks CEO Mark McLaughlin headline the Cambridge Cyber Summit on Oct.4 in Boston. Click here for more information and tickets.

Cyberthreats

Cambridge Cyber Summit Videos

Tech

Latest Special Reports

  • Frontline insights and unique views on key issues and challenges facing today’s CFOs.

  • The latest CNBC Fed Survey.

  • Net/Net promo

    Examining how top companies promote and manage innovation, leverage rapid change and use technology to grow exponentially.

For sponsorship opportunities, please contact: Alisha Hathaway.

For all press and media inquiries, please contact: Jennifer Dauble.

For all speaker and editorial inquiries, please contact: Dennis O'Brien.