Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OMB Website Exposes Thousands of SSNs

Zonk posted more than 7 years ago | from the good-managing dept.

Privacy 107

msblack writes "The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online. As many as 100,000 to 150,000 individuals may have been affected. The cost to taxpayers just for notifications and credit monitoring is estimated to run $4 million. 'While there was no evidence to indicate whether anyone had in fact used the information improperly, officials at the Agriculture Department and the Census Bureau removed the Social Security numbers from the Census Web site last week. Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today. '"

cancel ×

107 comments

they're half right (4, Funny)

User 956 (568564) | more than 7 years ago | (#18816799)

The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online.

Sounds like they got the "Social" part right... "Security", not so much.

When ? Why? out of Who/What/When/Where/Why (0)

Anonymous Coward | more than 7 years ago | (#18816895)

A story should have the following info -
  Who - Office of Management and Budget
  What - exposed at least 30,000 social security numbers publicly
  When - ????? Story on NY Times website says a farmer noticed it 'Last Week'.
  Where - Office of Management and Budget website
  Why - not particularly clear

Who/What/When/Where/Why

I think an effort on a story about an event should have this minimal info.

Re:When ? Why? out of Who/What/When/Where/Why (1)

zappepcs (820751) | more than 7 years ago | (#18817309)

Why?????

Because rules like Sarbanes-Oxley only apply to businesses, not government groups.

Was one of them mine? (0, Redundant)

kbarrett (191847) | more than 7 years ago | (#18816903)

>Department said Social Security numbers were included in the public database because
>doing so was the common practice years ago when the database was first created,
>before online identity theft was as well-known a threat as it is today. ... and if any company gave that same excuse they would still be liable, investigated, and be sued.

I wonder if they will inform the individuals whose numbers were compromised?

Oh no. (4, Funny)

Mockylock (1087585) | more than 7 years ago | (#18816835)

Was 565-459-9342 on the list? If so, can you please take it off?

Re:Oh no. (2, Funny)

Kawolski (939414) | more than 7 years ago | (#18816879)

Can you provide all your credit card numbers too just in case one of them are on the site?

Re:Oh no. (0)

Sponge Bath (413667) | more than 7 years ago | (#18817623)

Was 565-459-9342 on the list?

You can't fool us Mockylock.
That's your /. ID from the year 2143 and you've traveled back in time to make a first post.
Diabolical!

Re:Oh no. (1)

Plaid Phantom (818438) | more than 7 years ago | (#18818015)

You'd think if he had a time machine he'd bother to actually get the first post...

Re:Oh no. (1)

Redlazer (786403) | more than 7 years ago | (#18818477)

You must be new here.

Or...

Maybe the comment you made in response to his first post in the future was so harsh, so biting, so damaging to his very core, that he went back in time to prevent you from crushing his soul beneath your heel, like a child steps on an ant?

Huh? Why didn't you think of THAT!?

-Red

Re:Oh no. (1)

sumdumass (711423) | more than 7 years ago | (#18820873)

Sadly, in 2143, there will be a need for a post like that. I don't think we will ever get this privacy and security thing right.

I don't understand why SS numbers should be anywhere close to a web server for them to be accidentally exposed in the first place. Let alone why someone had access to the in order to accidentally expose them that didn't have enough sense to double check his work. I guess using a file servers to hold SS number lists and a completely separate webserver is too much to ask for when My taxes are as high as they are.

Re:Oh no. (1)

Mattintosh (758112) | more than 7 years ago | (#18820927)

I don't see why SSN's shouldn't be public knowledge. They're not for use by private institutions. They're for use by the Social Security Administration. No one should be using your SSN for identification, period.

Re:Oh no. (0)

Anonymous Coward | more than 7 years ago | (#18818361)

Not that I can tell. You can check at the mirror posted at archive.org [archive.org] .

Re:Oh no. (0)

Anonymous Coward | more than 7 years ago | (#18818541)

That is my SSN IRL, you insensitive clod!

Re:Oh no. (0)

Anonymous Coward | more than 7 years ago | (#18822133)

That's *my* SSN, you insensitive clod!!!

identity theft? (2, Interesting)

homer_s (799572) | more than 7 years ago | (#18816857)

Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before...

anyone was stupid enough to identify people using a number which is not supposed to a secret.

30,000 SS numbers? (2, Funny)

Skevin (16048) | more than 7 years ago | (#18816881)

That's nothing. Right now, I'm going to threaten to expose every single SS number that has ever existed:

for ($i=1;$i1000000000;$i++) {
    echo $i . "\n";
    }

The first line of output is Strom Thurmond's or George Burns' SSN.

Solomon

Re:30,000 SS numbers? (2, Funny)

winmine (934311) | more than 7 years ago | (#18817103)

So your plan of attack is something like this?

Haxor: Hello I need to withdraw all of the money from my account. My SSN is 123-45-6789.
Teller: Is your name John Smith?
Haxor: Uh....yes.
Teller: Thank you, here is your money!

Re:30,000 SS numbers? (1)

sumdumass (711423) | more than 7 years ago | (#18820945)

I have walked into banks before and told the clerk I needed to withdraw money from my savings account and then proceeded to give them My account number from memory. Even though I have only been to this branch once or twice before, the teller looked up my account, filled out my withdraw slip and then asked me by _name_ to sign it.

The funny thing is that no one asked for ID or compared my signature and I doubt they knew who I was. The funniest thing about it, I didn't think twice about it until just now when reading your post about the super Haxor. I think I'm going to ask about that Monday when the banks are open again.

Re:30,000 SS numbers? (1, Funny)

Anonymous Coward | more than 7 years ago | (#18817245)

At least make the effort of printing dashes and leading zeros.

        int a, b, c;
        for (a = 0; a < 1000; a++)
                for (b = 0; b < 100; b++)
                        for (c = 0; c < 10000; c++)
                                printf("%03d-%02d-%04d\n", a, b, c);

Re:30,000 SS numbers? (0)

Anonymous Coward | more than 7 years ago | (#18818521)

for (a = 1; a = 3; a++){
ss += rand(0,9);
}
ss += "-";
for (b = 1; b = 2; b++){
ss += rand(0,9);
}
ss += "-";
for (c = 1; c = 3; c++){
ss += rand(0,9);
}

Re:30,000 SS numbers? (2, Informative)

notshannon (704145) | more than 7 years ago | (#18818889)

from http://www.ssa.gov/history/briefhistory3.html [ssa.gov]

Although, John Sweeney received the first SSN account, his was not the lowest number ever issued. That distinction fell to New Hampshire resident, Grace Dorothy Owen. Ms. Owen received number 001-01-0001.

Permanent Fix for SSN (4, Insightful)

HighOrbit (631451) | more than 7 years ago | (#18816893)

Here a permanent fix: render SSNs worthless for financial transactions by making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN or keep a record of a SSN for any purpose other than tax collection and Social Security. The employer and bank would only be allowed use it for tax reporting purposes. The credit reporting companies, banks, and data brokers might howl, but too bad. They can use other data identifiers, or even better, learn to personally know their customers beyond a mechanically created credit score tied to a SSN.

Re:Permanent Fix for SSN (0)

Anonymous Coward | more than 7 years ago | (#18817041)

The comment I am replying to is fucking awesome. Thats why no one will ever listen or take it into consideration.

Re:Permanent Fix for SSN (4, Interesting)

Qzukk (229616) | more than 7 years ago | (#18817139)

The credit reporting companies, banks, and data brokers might howl, but too bad.

Yes, too bad. It's obvious by now that the market is not going to come up with a solution for this on their own as long as they can use the SSN as a crutch. It's time to yank that crutch back out. The SSN should be discontinued and replaced with a tax id that should only be used for two things: reporting income to the government and paying your taxes or getting your refund. If someone steals my SSN, they're more than welcome to paying my taxes for me, and if they try to hide their income in my tax id we'll find out about it at the end of the year when my tax forms don't match the reports. And if I don't get my refund, well...

Re:Permanent Fix for SSN (1)

ivan256 (17499) | more than 7 years ago | (#18817205)

I have an even better idea. Just get rid of it entirely. The chaos in the financial community will die down rapidly, and the costs will be recovered over time from the lack of incidents like the one in the story.

The government collected taxes before social security. They didn't need a number for you back then...

The worst that could happen would be that it would be harder for the government, credit agencies and financial institutions to track you and information about you unless it is directly related to specific financial dealings, but that also seems like a 'win' to me.

PATRIOT Act (1)

w.p.richardson (218394) | more than 7 years ago | (#18817495)

The USA PATRIOT act mandates the presentation of a SSN or Tax ID number to open accounts at a financial institution. whee. [gcglaw.com]

Re:Permanent Fix for SSN (1)

LiquidCoooled (634315) | more than 7 years ago | (#18817559)

There is nothing wrong with having a unique identifier for distinguishing between your customers.
It should be public and fixed, it means that you can distinguish between two different 43 year old John Does from Queens (incidentally, they share a house).

The problem is not that it is unique, it is that banks assume it is private. There is no magic number a user can type into the keyboard with which a bank can tell if a user is being honest in their responses. *

Before you say but people can lie and give false information; they do that already and have done that since before we had this extra automatic part of our name.

Incidentally, how would you distinguish between the twins I mentioned earlier?

* Thinking about this, I wonder if when Trusted computing comes in the banks will begin to look at the ISPs for a list of known corrupt/hacked/blacklisted machines to get a thuthyness report on the machine, machines which are used to rip people off become blacklisted and you cannot perform financial things from them.

Re:Permanent Fix for SSN (1)

danomac (1032160) | more than 7 years ago | (#18819709)

Incidentally, how would you distinguish between the twins I mentioned earlier?


By their middle names, of course!

Re:Permanent Fix for SSN (1)

shaitand (626655) | more than 7 years ago | (#18820119)

'The problem is not that it is unique'

That is a problem as well. In the world of computer databases it has become far too difficult to be anonymous disappear or even stay private via a crowd.

If the bank wants to assign me a unique number so they can distinguish between me and other customers then that is great. I don't see any reason there needs to be a global fixed number that some other bank can refer to in order to find out information that is unrelated to my history with them.

The world functioned before we had social security numbers and credit reporting agencies. Bad guys were caught, terrorists sometimes stopped, sometimes not. Much like now.
 

Re:Permanent Fix for SSN (1)

sumdumass (711423) | more than 7 years ago | (#18820985)

You know, If the banks already blacklisted out of country IPs or at minimum made them go through a proxy that needed validated every so often, (minute) they could eliminate most of the phishing scams and likely stop/limit organized crime in other countries from emptying your accounts if you fall for the scam.

This could be something done without trusted computing.

Re:Permanent Fix for SSN (1)

DragonWriter (970822) | more than 7 years ago | (#18817641)

Here a permanent fix: render SSNs worthless for financial transactions by making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN or keep a record of a SSN for any purpose other than tax collection and Social Security. The employer and bank would only be allowed use it for tax reporting purposes. The credit reporting companies, banks, and data brokers might howl, but too bad. They can use other data identifiers, or even better, learn to personally know their customers beyond a mechanically created credit score tied to a SSN.


Certainly, stop easily discernable personal information like name and SSN as if it were a secret password that provides security. There is a need for verifiable identification that doesn't rely on in-person presentation and verification of identifying documents, though, but it needs to be secure, not the current SSN (though a "revised" SSN that worked something like a public key could be part of the system.)

Re:Permanent Fix for SSN (2, Insightful)

Shadowlore (10860) | more than 7 years ago | (#18817869)

Too late that law was passed decades ago. Later they changed their minds. How about we go one better and revert to it's original purpose: to identify your Social Security account? nah that won't do it either.

In 1976 they passed a law:
"To make, under federal law, unlawful disclosure or compelling disclosure of the SSN of any person a felony, punishable by fine and/or imprisonment."

Take a peek at http://yro.slashdot.org/comments.pl?sid=231667&op= Reply&threshold=3&commentsort=0&mode=thread&pid=18 816893 [slashdot.org]

You'll see them say repeated "no national id". Then it is followed with "but this other thing which we mandated means you need to have a defacto ID called the SSN". Yes that's a paraphrase but read the original and you arrive right there.

The "observed law" is simple:
As long as an entity such as the SSN exists, the government will spew rhetoric against it being used more and more as a form of ID while moving solidly and irrefutably in that direction. It doesn't require complicity or conspiracy, or malevolence. All it requires is some "need" to track, some "need for accountability" for some program ostensibly meant for the public welfare.

And it is set up in a way to deny you are required to have one. You are only required if you want to take advantage of some "benefit" the fedgov decides to "grant" you. You know, like not having your income taken from you. Like getting a job in the first place, or a bank account. These types of backdoor requirements feed conspiracy theories left and right. Sure, you aren't required to have one to live - officially. But if you want to do anything that living entails such as having a job, property, driving, banking, etc. you need one.

No, there is one and only one permanent fix: ban the existence of the SSN or any multi-agency identifier. Let each agency have it's own ID for people who it tracks err I mean services, and let there be no legal cross-checking between. Let the credit industry provide it's own identifier system. let the banking have it's own. Let Blockbusters have it's own.

But limiting the use of any ID will not solve it. You have to ban them. Of course, getting rid of those agencies that feel they need them is also another part of a complete solution.

Re:Permanent Fix for SSN (1)

jacksonj04 (800021) | more than 7 years ago | (#18818251)

Oh Gods no, you've gotta be joking. I have far too many numbers as it is, and most of them come from government agencies. National Insurance, NHS, Student Number, Driver Number, Passport Number, Voter Number, Birth Record ID, Disclosure ID Number.

How about keeping the common identifier so you don't have to remember if your number to put on the form is 184763X/HH8 or 0156-857-39, or maybe even Q-384DS09 and coming up with a decent security infrastructure so you can't have your entire identity stolen by somebody knowing only your number? How about something using a revokable licence mechanism which means individual groups of people can have their access to a common database of information limited to what they need and nothing more?

Just think, if you move house all those various groups you give your address to will just know. Your taxes could be done a lot quicker because the tax system can cross-reference automatically...

But of course then the evil government knows... uh... your address! And your tax details! And other details which they never knew before and couldn't possibly collate across all the government agencies that you tell these things to anyway!

Seriously, forcing less cooperation between agencies? Some branches of government in the UK have entire offices dedicated to keeping tabs on the paperwork required to exchange information with other agencies. I need to fill out a mass of paperwork in order to claim my student loan, all of which a government body somewhere will know anyway. My parents earnings are kept by inland revenue, my education details are known by UCAS (Not strictly government, but not far off) and my LEA, and my earnings are known by inland revenue. The fact I'm living in a house with my parents should be collated from the electoral roll and my birth certificate. It's not hard!

End rant, sorry but it's late and this kind of "The government wants to subvert us all if I tell them my address" gets on my nerves.

Re:Permanent Fix for SSN (1)

cyphercell (843398) | more than 7 years ago | (#18818685)

The way they're phasing out social security benefits, one might wonder as to what exactly the original purpose of the system actually was. "Sure it's ok to get rid of Social Security, but dammit don't lose those numbers!"

Re:Permanent Fix for SSN (1)

cybermage (112274) | more than 7 years ago | (#18817899)

making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN

That ship has sailed. SSNs aren't going anywhere and aren't getting reigned in with their entire purpose for exiting being outmoded.

If you want to do away with this kind of exposure, eliminate the need for the SSN to be propogated around with financial transactions. In order to do that, you'd have to eliminate the income tax. Who's up for paying 30%+ sales tax to replace the income tax so that they can keep their SSN private.

LifeLock (1)

k1e0x (1040314) | more than 7 years ago | (#18818405)


http://lifelock.com/ [lifelock.com] LifeLock is a fix for the problem of data theft and its a non-government fix making it more attractive, voluntary, and overall less expencive.

OMB.. What's that? (0)

Anonymous Coward | more than 7 years ago | (#18816909)

Office of Morons and Buffoons?

So how... (4, Funny)

FlyByPC (841016) | more than 7 years ago | (#18816925)

...does exposing 30,000 SSNs affect 100,000 to 150,000 people?

Oh, I get it. The original SSN recipient and the 3-4 ID thieves. Never mind.

Re:So how... (2, Funny)

HTH NE1 (675604) | more than 7 years ago | (#18817299)

So how does exposing 30,000 SSNs affect 100,000 to 150,000 people?
One of them was Kevin Bacon's.

Re:So how... (0)

Anonymous Coward | more than 7 years ago | (#18817437)

In soviet Russia, the SSN shares you...

Re:So how... (2, Funny)

number1scatterbrain (976838) | more than 7 years ago | (#18817455)

I exposed myself once. The cops asked me for my Social Security number.

Re:So how... (1)

Plutonite (999141) | more than 7 years ago | (#18817675)

I was dying to know, so I actually RTFA only to find that they had no answer either. Either they were lying about the initial figure or you are correct.

semi-secret number bad tool for ID (4, Insightful)

Hoplite3 (671379) | more than 7 years ago | (#18816933)

A "semi-secret" ID number is a bad tool for ID. You don't need to be an expert in cryptography to realize that a password sent around is plain-text is bogus.

The deeper issue is why identity theft is my problem. Shouldn't the credit agencies etc. be very very liable for loaning money to someone who is not me? It seems like they are part of the fraud whether they were willing participants or not. I should be able to collect damages when their negligent checking of my identity harms my credit score. Identity theft is a con job, where the perp convinces Visa (or whoever) that they are me. Usually, when cons happen, BOTH the conman and the victim are liable for damage caused. Suppose I conned you into thinking I was a cop and told you to drive me around while I robbed banks. You would still be accessory to my crime even if you claimed you didn't know better. Visa wants to (and currently is) claiming that they are not accessory to the theft of my credit score. That's not right.

The SSN is just a proxy for the fact that there are different standards for people citizens and corporate citizens.

Re:semi-secret number bad tool for ID (2, Informative)

Kattspya (994189) | more than 7 years ago | (#18818117)

I don't get this either. To me it looks like identity theft is mostly an north American problem. In Sweden we've got personal identification numbers that are used in all dealings with the state and sometimes when dealing with banks etc. It's your birth date followed by four digits and the last digits signifies male of female by being even or uneven. I haven't ever heard of any identity theft cases reported in the media. They may happen but they're not on the news or anywhere else.

I've seen a lot of ID-theft reported on different US sites and TV programs but I still don't get how it's possible. If someone issues a loan to a con man it should be their loss entirely and should be easily fixable. I cannot understand how this is an issue.

Can someone please tell me how this can me more than a small nuisance (i.e. that's not me fix it now please)?

Re:semi-secret number bad tool for ID (2, Interesting)

smoke'n'mirrors (310688) | more than 7 years ago | (#18818699)

The problem is twofold:

1. If somebody is the victim of identity theft, they are held responsible for any debts that the criminal creates in their name until they prove the theft occurred. The victim may not know the theft has occurred until months later, when collection proceedings have begun. The problem here is that it is incredibly difficult to prove that those debts were not created by the victim, and the victim can suffer years of harassing phone calls from debt collectors, and a bad credit rating. I don't know how Swedish debt collectors are, but here in the States many are virulent and threatening. (Even though that's illegal.)

2. The bad credit rating means that the victim will then be charged higher interest rates for mortgages, in most states higher auto insurance rates, and may be unable to get new loans for valid purposes (car, house, school, etc). Some employers run credit histories on potential employees. Some landlords run credit reports on potential renters. Some people find that they have been a victim of identity theft when they are trying to buy a house and get turned down for a mortgage.

It is hard enough to fix genuine mistakes; intentional misuse is a nightmare to unravel. The unending beaurocracy of the credit agencies hinders the solution and it is difficult for individuals to fight such a large system. In a nation built on capitalism, where the worse your credit is the more expensive and difficult your life becomes, this is a big big problem.

Re:semi-secret number bad tool for ID (1)

lawpoop (604919) | more than 7 years ago | (#18818901)

"Can someone please tell me how this can me more than a small nuisance (i.e. that's not me fix it now please)?"

The "now" part escalates it from being a nuisance to a process that can draw out from years. People have reported that it has been resolved at the nuisance level, but I have heard other stories of getting lawyers involved, which is an expensive process here in the US. It also affects your credit score to have outstanding issues, which affects the rate at which people will loan you money. If it takes months or years to resolve, this can pose problems in your life plans.

I think here in the US corporations have a more hostile relationship with their small-time at large public customers. At the beginning, US banks were charging their customers *extra* for on-line banking, even when it cost them less, while my Finnish buddies got the service for free ( Nowadays I think banks provide online banking for free -- maybe they used the initial charges to finance the new online-banking infrastructure they had to build) . Cell phone companies charge extra for text message service, even though it costs them less in terms of network bandwidth than providing voice service. All in all, I think Scandinavian companies still have some idea about providing for the society as a whole, whereas in the US, it's dog eat dog.

The credit card companies are going to lose money if they don't hold you accountable for the fraudulent charges. If they can drag the process out, they get to hold on to the money for that time, earning interest on it, and if you get frustrated and give up, they get to keep the money. And our lawmakers have no interest in interfering with the profitability of large corporations, over the interests of the consumer. That's my guess as to why it's more difficult in the US.

Twice I've had my credit card stolen (one local mugging and one pick-pocket over seas, and the fradulent charges were resolved in 3 months. However, when I initially reported my credit card stolen, the first company simply gave me mailed me another card with the same number, which means my account wasn't canceled and allowed the mugger to run up fraudulent charges. I called them a few hours after I was mugged. The second time, they canceled the *wrong* card. I called them the day after I got mugged, and the operator confirmed the card number she was canceling, which was the correct card when she read it to me. Fortunately the pick-pocketer didn't run up any bad charges; maybe he thought my cc company was on the ball and would cancel the card ( or maybe he couldn't get away with using a foreigner's card in the cash economy of Bolivia ). But this did give me problems with the legitimate companies who had my non-stolen but canceled card number. My conspiratorial mind says such 'mistakes' also makes money for the card company.

How does one do this? (1)

Diordna (815458) | more than 7 years ago | (#18816945)

How exactly does one "accidentally expose" all this secret-database stuff?

Re:How does one do this? (0)

Anonymous Coward | more than 7 years ago | (#18817251)

The SysAdmin probably tripped...and hit his keyboard...c-h-m-o-d- -7-5-5- -s-e-c-r-e-t---d-a-t-a-b-a-s-e. You know, an accident.

Mine (4, Insightful)

Sparr0 (451780) | more than 7 years ago | (#18816955)

My SSN is 427347246. This is not a secret. Everyone I have ever worked for knows this. Everyone who has ever drug screened me for employment. Everywhere that has ever had to tell the IRS about my gambling winnings. Half a dozen real estate agents. Over a dozen banks, and over a thousand bank employees. Anyone in earshot every time I have ever called my bank. Broward County got it right, publish them all, expose the farce that is SSN secrecy.

Re:Mine (1, Funny)

eln (21727) | more than 7 years ago | (#18817011)

Your home address, phone number, birthdate, and mother's maiden name are also not particularly secret. Can you post those too? I'm...um...working on a genealogy project.

Re:Mine (1)

Sparr0 (451780) | more than 7 years ago | (#18817473)

The first two are on my resume. The third on my profile with any number of online services. The fourth might be tricky, I wouldn't want to make it too easy for you :) For a hint, consider that the prefix on my SSN identifies where I was born.

Thanks.. (0)

Anonymous Coward | more than 7 years ago | (#18817095)

yes and with this number I can now make a fake identity of you, take a loan out in your name, and get as many credit cards as I want. (if you have a SSN you can reverse engineer other identity information from other sources.) Now I can call your university and gather all of your scholarly records posing as you. Medical records? Oh and how do you verify almost all of your billing information? the last 4 digits of your what?

The point is, someone who is willing to target you because you threw that out there (were talking millions of Russians and Chinese who live in poverty, along with a host of other nations) will do it. Maybe you will consider that next time you post your SSN to a board read by thousands of people.

Re:Thanks.. (2, Funny)

Sparr0 (451780) | more than 7 years ago | (#18817443)

Go ahead. I am not someone that you want to be. Good luck getting a loan or a credit card, I haven't managed it.

Re:Thanks.. (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18818449)

Go ahead. I am not someone that you want to be. Good luck getting a loan or a credit card, I haven't managed it.
Not posting your SSN online might be a good first step in getting that credit card.

Re:Mine (0)

Anonymous Coward | more than 7 years ago | (#18817271)

You should post how this works out for you...

Re:Mine (4, Interesting)

crabpeople (720852) | more than 7 years ago | (#18817771)

Well your name is Clarence Risher [72.14.205.104] . You may have attended austin university [apsu.edu] . LoL, dude I just found your resume so I think I win http://www.trifocus.net/~sparr/resume.html [trifocus.net] .

Address is

"122 G Stephanie Dr
Clarksville, TN 37042
(931) 980-2760 "


What else do I need for ID theft exactly?

Re:Mine (2, Interesting)

Sparr0 (451780) | more than 7 years ago | (#18817961)

Thanks for the reminder that my resume is out of date there, my current address shouldnt be much harder to find. Someone above mentioned my birthdate and mother's maiden name, you can come up with those with a little more work. I don't believe in identity theft. Identity borrowage, maybe. If some other guy is out there somewhere using all my info, what do I care? It's not me, and it doesn't impact me in the slightest. What you won't find online is my signature, which would be expensive and/or time consuming to convincingly fake even if you could. Ditto my fingerprints and retinal pattern. Double ditto my actual secret information, such as passwords and passphrases.

Re:Mine (1)

Faylone (880739) | more than 7 years ago | (#18818391)

So your method for protection from identity theft is to make it so they'll want to return it?

Re:Mine (1)

AndrewM1 (648443) | more than 7 years ago | (#18819155)

"What do I care?"

Umm... This is really an odd statement, here. What do you care that someone can convincingly file any sort of transaction under your name (SSN and Mother's Maiden Name). What do you care that someone could borrow $150,000, and put up your house as security. What do you care that someone could use your info to launder money, with a trail leading right to you when the feds look into it and an onus on you to prove it wasn't you?

Your signature isn't out there, correct. This also means that, when some guy turns up at an out-of-state (for you) bank and takes out a loan, the bank isn't comparing it either. If the guy has the SSN and MMN, he should be able to just scrawl down any signature, and to hell if it's yours. The bank'll believe him, hand him a bunch of cash that you'll later be liable for (or, at best, forced into lengthy and complicated legal proceedings just to have canceled).

In conclusion, I think you should very bloody well care. "Identity Borrowage" is one of the strangest ideas I've ever heard. It's like the argument regarding open wireless networks... "Why not leave my wireless network broadcasting to the world?" You'd probably well change that tune as soon as you were on the hook for someone's downloaded child porn or someone else's racked-up credit card debts in your name.

Re:Mine (3, Interesting)

shaitand (626655) | more than 7 years ago | (#18820243)

'Umm... This is really an odd statement, here. What do you care that someone can convincingly file any sort of transaction under your name (SSN and Mother's Maiden Name). What do you care that someone could borrow $150,000, and put up your house as security.'

These are all problems for someone with good credit and/or assets or maybe even money. For the majority of the population this is not the case. Most of us don't own a home or even a decent car. Most of us have no credit worth mentioning and probably bad credit besides. What difference does it make if the number you owe on paper grows? It isn't like you could have paid what was there anyway. A few more collectors harassing you? That is why you got a machine years ago. Time in court? Please, you can't afford to file bankruptcy, especially if the only purpose it serves to erase an imaginary debt (I say imaginary because the only chance it has of being paid or collected is in the imagination).

'What do you care that someone could use your info to launder money, with a trail leading right to you when the feds look into it and an onus on you to prove it wasn't you?'

The burden is on the feds, not on you. Someone must have gained access to your information, you never went to those places and conducted business. The guy on the bank security cameras wasn't you. The information and picture on the ID the bank photocopied doesn't match yours. How about proof of address? What did they use for that? If they used your address then you would have been sent paperwork before that became an issue. And even without any of that, a claim that someone else used your information is easily within the realm of reasonable doubt. The feds would have to prove not only that my information was used but that it was me who used it. That is of course assuming that you can manage to force your public defender to go to trial instead of plea bargaining. Typically they have enourmous case loads and often are regular attorneys who don't want to waste time on the freebie case.

Re:Mine (2, Insightful)

xlsior (524145) | more than 7 years ago | (#18820631)

These are all problems for someone with good credit and/or assets or maybe even money. For the majority of the population this is not the case. Most of us don't own a home or even a decent car. Most of us have no credit worth mentioning and probably bad credit besides. What difference does it make if the number you owe on paper grows?

Maybe now you don't care, but what about 5 years from now? 10 years? 20 years? Do you *ever* intend to buy a house? Would you like to receive medicare/medicaid/social security once you get old? Good luck proving you are 'you' when others applied for the same benefits in your name, especially if they've been able to impersonate you for years and have just as long of a 'history' with your information as you do yourself.

Remember, once your information is out there, it's out there for ever. It's like throwing your email address to a pair of spammers, they're never going to stop abusing it... With the big difference that a SSN can do a whole lote more damage.

Re:Mine (0)

Anonymous Coward | more than 7 years ago | (#18821489)

>> What do you care that someone could borrow $150,000, and put up your house as security.

Dude! His resume said "Radio Shack Sales Associate"... There is no house.

30k for 150k people? Huh? (1)

nsanders (208050) | more than 7 years ago | (#18817061)

So 30,000 SS#'s were exposed, and 150k people might be in trouble? So.. does that mean for every SS# 5 people share it?

Of course (1)

WindBourne (631190) | more than 7 years ago | (#18817619)

We call them illegals.

Re:30k for 150k people? Huh? (2, Informative)

DragonWriter (970822) | more than 7 years ago | (#18817687)

So 30,000 SS#'s were exposed, and 150k people might be in trouble?


The person who noticed the SSNs were available identified approximately 30,000 records with SSNs (not sure if that corresponds to 30,000 SSNs, or more -- because each record might have more than one -- or less, because there might be dupes.)

The subsequent review by the Agriculture Department suggested 100,000 to 150,000 people may have been affected, which I would assume reflects the range of social security numbers that may have been exposed.

What happened to privacy act and common sense? (4, Insightful)

Shadowlore (10860) | more than 7 years ago | (#18817069)

What is disturbing to me is not that these SSNs were exposed, but that they were simply included in "other" databases to begin with. We were told that our SSNs would be limited only to those entities that had a legitimate reason to NEED it. The fact that they were included as a matter of common practice belies this claim. The reference to "before identity theft was a problem" is unadulterated crap. Identity theft has been a problem since biblical times (Jacob and Esau)! The reference to it is a red herring.

What should have been happening is that SSNs should not simply be included in various databases. They should have been following the rules that we were told they were. Whether or not that was successful, they should have had policies and processes for vetting the database for privacy issues prior to dumping it online. Federal privacy laws predate the Internet. The basic notion of checking your data for data that should not be publicly available predates the Internet.

IMO this is similar to the claim that "nobody imagined using airplanes as missiles before 9/11". The problem of Identity Theft existed, was well documented, and alone should have given them reason to examine their DB first. The basic laws on privacy should have. And failing that common sense should have. This is a failure on many grounds.

Good enough. (1)

Trojan35 (910785) | more than 7 years ago | (#18817243)

There's a reason the expression "good enough for gov't work" exists.

Re:What happened to privacy act and common sense? (1)

DragonWriter (970822) | more than 7 years ago | (#18817793)

What should have been happening is that SSNs should not simply be included in various databases.


No, that's not true. What should be happening is that SSNs should not be useful for identity theft, since (whether or not they are in public databases), SSNs—because they are also tax identifiers for individuals and thus mandatory in a wide number of applications—are not secrets suitable for identification purposes in the first place.

OTOH, a public identifier like the SSN that serves the role of a tax ID would make sense as public key in a more secure identification system; the trick is designing the rest of the sytem.

Even with "minimum disclosure" (something that, mandatory as it may be, seems rather elusive) SSNs aren't secret enough to be relied on the way they are for identification.

Is this digg?! (1)

powerpants (1030280) | more than 7 years ago | (#18817171)

I first read the headline as "OMG Website Exposes Thousands of SSNs" and wondered if I had typed in digg.com by accident. Of course, if I had, it would read, "OMG!!! Top 10 AMAZING Websites that Expose SSNs!!!!111!1!ones!!! [PICS]"

Re:Is this digg?! (1)

AKAImBatman (238306) | more than 7 years ago | (#18817829)

I first read the headline as "OMG Website Exposes Thousands of SSNs"

Why would the Object Management Group have SSNs on file?

you know, if they just (1)

geekoid (135745) | more than 7 years ago | (#18817187)

mandated that credit card agency could no longer use or collect SSN in anyway, this probelm would go away.

The credit card agencies can use their own number systems.

Yes, that system might be comprimised, but damage will always be limited to the CC agencies.

Re:you know, if they just (1)

pcmanjon (735165) | more than 7 years ago | (#18817543)

> The credit card agencies can use their own number systems.
> Yes, that system might be comprimised, but damage will always be limited to the CC agencies.

Yes, and damages will be the liability to the CC agencies as well. This is why they do not do it. This is why the government doesn't push away SS#'s

If your CC company came up with its own identification system -- and said system was compromised with your identity stolen, they would be liable for your damages. The way it works now, if your SS is stolen from your CC company, your CC company can say "Ooops. Such is a flaw with the SS# system... oh well. Good luck with your damages and theft...!"

This is a major problem that needs to be dealt with by our government. Unfortunately major problems are /never/ dealt with. If a company gets compromised and information stolen by a criminal -- the COMPANY needs to be responsible for it. Why do the victims just have to "deal with it" and the companies responsible don't foot the bill?

Nothing Has Changed (0, Offtopic)

Doc Ruby (173196) | more than 7 years ago | (#18817269)

We've given these Bush "administration" jerks a blank check for years for security, after they barked "PRE-9/11 THINKING!!!" at anyone suggesting they were going too far, it wasn't worth the tradeoffs, or they were incompetent.

So they have taken all the power and money, and given us ZERO extra security, while routinely sending us into more and worse danger.

And if anyone had any doubts about how much this Bush regime thinks we're idiots, just watch a replay of their Attorney General shabbily lying and denying his way through even the most basic questions about how he runs the Justice Department. That's the guy in charge of the FBI.

Thanks, Republicans!

Re:Nothing Has Changed (1)

Doc Ruby (173196) | more than 7 years ago | (#18819011)

Moderation -1
    100% Offtopic


You might not like my post, but it's not "Offtopic". Especially when the summary includes this Bush "administration" official running away from responsibility for this breach by saying:

Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today.'

In other words, it's OK because they use "pre-9/11 thinking" about including SS#s.

TrollMods think the topic is "all the good news coming out of the Agriculture Department". It's really "Bush misadministration".

Thanks a Lot, FDR (3, Interesting)

MarkPNeyer (729607) | more than 7 years ago | (#18817305)

The entire social security program is absurd. Ignoring the economics of the retirement portion of the program, using SSN's for identification is a terrible idea. The program was never initially designed for the numbers to be used as ID's, but the need for one was so overwhelming that people started accepting them.

Scrap the entire Social Security program. If you think the government ought to force people to prepare for their retirement, withdraw money from their paychecks and put it in a personal account for them. Hell, even a bank account with 1% interest would give you a better return than social security, and it guarantees ownership of your money, instead of allowing the government to waste it building bridges to nowhere when you die.

Once that's done, let's design a proper identification system, so it doesn't matter if someone gets your ID number.

Re:Thanks a Lot, FDR (0)

Anonymous Coward | more than 7 years ago | (#18817651)

Having all that money in the general fund since Johnson lets them hide Enron-loads of debt on the balance sheet. I'd doubt congress would give that up for our security. Not like any of them will actually need SS.

Re:Thanks a Lot, FDR (2, Insightful)

lawpoop (604919) | more than 7 years ago | (#18818073)

"Hell, even a bank account with 1% interest would give you a better return than social security,"

Not if you get disabled at 25 and you draw social security benefits for the rest of your life.

Social Security is an insurance program. If we got rid of it, we would have destitute old people living out on the streets, like they did during the depression. If that's the society you want to live in, fine. I don't want to see that one bit.

Re:Thanks a Lot, FDR (1)

jdludlow (316515) | more than 7 years ago | (#18819791)

Not if you get disabled at 25 and you draw social security benefits for the rest of your life.
Social Security is an insurance program.

Please explain why I'm responsible for your insurance bill.

Re:Thanks a Lot, FDR (1)

lawpoop (604919) | more than 7 years ago | (#18819837)

It's part of the social contract. If you want to live in a place without government, move to the middle of the Amazon or Somalia, and live under tribe/gang warfare.

Re:Thanks a Lot, FDR (1)

Shadowlore (10860) | more than 7 years ago | (#18818193)

If you think the government ought to force people to prepare for their retirement

Lets stop here for a moment. Lets expand that statement...
"If you think government ought to use the threat of imprisonment or death to force people to prepare for their retirement".

Because that is what that force means. It also means that you take away their rights and ability to handle their current situations and needs by removing that money from their control. Perhaps for some people using that money to pay of credit debts, or to prevent them is just as good, or even better for them. After all going into retirement with no debts is a damned good way to go. What good is a SS payment of 800 per month if you have credit debts that high that you have to pay off?

Let people decide for themselves what is best. If people choose to not save and can't make it tough. Nothing says you should not educate them, provide information on it. But if you look at the history of declining savings it tracks the rise of social security quite curiously. Could there be a relation there? Probably so. Lo0ok at the shock of retirees that found SS wasn't enough, and as a result of SS didn't do it on their own. ANd to think once upon a time the US Supreme Court said the government had no constitutional authority for a general retirement program.

But then FDR came along and threatened the Supreme Court with adding more justices to it to get what he wanted, thus bullying a swing vote on the court to change and accept FDR's policies as constitutional. Go ahead, research the history of FDR and the Supreme Court. Look at the massive reversal of judgements at that point. No small wonder this isn't taught in US high schools.

The New Deal sure sounds like The Screw Deal. Today it looks like it too.

Re:Thanks a Lot, FDR (1)

zCyl (14362) | more than 7 years ago | (#18819393)

If people choose to not save and can't make it tough.

Without SOME sort of government program to insure such, it is impossible to guarantee a retirement fund. Read the history [wikipedia.org] which inspired the program and understand how a solution is necessary. When the economy is okay it's easy to postulate that everybody should just take care of themselves, but the economy does not always STAY okay. It is times like that when a civilized society does not throw it's old people out to rot on the street, which is the outcome of your suggestion.

Re:Thanks a Lot, FDR (2, Insightful)

TubeSteak (669689) | more than 7 years ago | (#18819291)

The entire social security program is absurd. Ignoring the economics of the retirement portion of the program
I'm not sure what set of facts you're working from, but the economics of the social security program are fine.

The problem has been decades of Democratic and Republican Congresses skimnming surplus money off the SS trust fund to cover their budgetary problems.

Remember how part of Al Gore's 2000 Presidential campaign was to put Social Security funds into a "lock box"? Even then it was too late to 'save' SS.

Maybe if Clinton had actually locked up SS funds at the beginning of his Presidency, the system would be solvent for the long run (>50 years).

Re:Thanks a Lot, FDR (1)

Mattintosh (758112) | more than 7 years ago | (#18821047)

Social Security is broken and needs repair.

When it was started, the average life expectancy was 62 and the benefit collection age was 65. This was by design.

Now, the average life expectance is 82. The benefit collection age needs to be raised, no exceptions, to 85. If you're 73 and collecting already, too bad. Get a job for another 12 years. If you're 64 and feeling entitled, get over it. Suck it up and keep working. Work is a contribution to society as well as a way to keep your mind active. Retirement is your final breath before you die. If you want to just roll over and die, do so. Otherwise, quit complaining. Once you've outlived the average, then we'll carry you along. Until then, you're just another one of us.

As for ID, well, SSN's should be public knowledge. No one should be relying on them for secure ID.

What is SSN? (1)

kosmosik (654958) | more than 7 years ago | (#18817337)

Just for the rest of the world please explain. :)

Re:What is SSN? (3, Informative)

MarkPNeyer (729607) | more than 7 years ago | (#18817401)

Every American citizen is issued a "social security number." Social Security is a "retirement" program instituted by the American government to provide for its citizens when they retire. The numbers are now used largely to identify citizens by banks, schools, hospitals, and many other organizations. If you have someone else's social security number and driver's license, you can most likely apply for a line of credit in their name.

It's basically a combination user-id and password which is transmitted in plain text. Very stupid.

Re:What is SSN? (1)

kosmosik (654958) | more than 7 years ago | (#18817627)

> If you have someone else's social security number and driver's
> license, you can most likely apply for a line of credit in their name.

So it is basically flawed since it needs to be a secret and also needs to be known to number of people (like clerks and so on)? Very, very stupid.

Re:What is SSN? (1)

MarkPNeyer (729607) | more than 7 years ago | (#18817679)

Yup. You've got it. You're supposed to keep it 'secret' but you have to give it out to a lot of people all the time. It's a really stupid system. George W Bush proposed getting rid of it, but the democrats howled and their really wasn't much popular support.

Re:What is SSN? (1)

pcmanjon (735165) | more than 7 years ago | (#18817587)

It's a number issued by the US government to people for payroll deductions for old age, survivors, and disability insurance. Anyone who works regularly must obtain a SSN. Many institutions use this number as the student ID number. Because it is unique to each individual, it is widely used as a personal identification number for banks, CC companies, insurance companies, and whoever else to tie a person in a database with an ID.

Good thing I refuse to respond to the census (0)

Anonymous Coward | more than 7 years ago | (#18817343)

Unless it was a database of people who failed to respond to the census.

Acronym abuse (1)

justkarl (775856) | more than 7 years ago | (#18817351)

OMB Web giving out SSNs to NWHIPBs(Nerdy White Hackers In Parents Basement)? OMFG!! STFU!!

Isn't an SSN a SUBMARINE? (1)

mmell (832646) | more than 7 years ago | (#18817427)

I think TFA means SSAN's? Of course, exposing thousands of SSN's would be quite a trick - being as our Navy hasn't got nearly that many of 'em, and goes to great pains to hide 'em.

Whose website? (1)

DragonWriter (970822) | more than 7 years ago | (#18817551)

The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online.


No, actually, the New York Times is reporting that a publicly-released database from the Census Department related to Agriculture Department contained social security numbers. The connections with the OMB are:
1) Questions about the release were directed to the OMB because the OMB, among other things, coordinates information policies for executive branch departments.
2) The nongovernment website through which the presence of the SSNs in the database was discovered was one run by a group whose parent is "OMB Watch", a public "watchdog" organization.

Everyone gets all huffy that commenters don't RTFA, but how can you be surprised when, apparently, those writing the summaries don't, either?

And let's not even get started on the laughable concept of Slashdot "editors".

The third time it's enemy action. (2, Insightful)

SpaceLifeForm (228190) | more than 7 years ago | (#18817635)

  1. SEC [cnn.com]
  2. DOJ [arstechnica.com]
  3. OMB [nytimes.com]

"Once is happenstance. Twice is coincidence. The third time it's enemy action."

Re:The third time it's enemy action. (3, Informative)

lawpoop (604919) | more than 7 years ago | (#18818001)

Re:The third time it's enemy action. (1)

lawpoop (604919) | more than 7 years ago | (#18818603)

FYI, Wayne Madsen's conspiracy theory is that these data thefts are a black op that is being used to populate Total Information Awareness [wikipedia.org] databases, which itself now is a black op.

People still use SSN's? (2, Insightful)

Demona (7994) | more than 7 years ago | (#18817775)

I would have thought that silly Ponzi scheme discredited decades ago.

pot, kettle, black (1)

Mr 44 (180750) | more than 7 years ago | (#18818431)

"It is most unfortunate that at least one agency has been inserting personally identifiable information into this database for a number of years," [Gary Bass, executive director of OMB Watch] said. "I'm amazed that, all these years, no one at the Department of Agriculture noticed that they were putting Social Security numbers into a public database."


Uhhh, dude, if your organization is called "OMB Watch" and hosting a mirror of the database, shouldn't you have noticed that the database contained SSNs??? Not watching too closely, are you? ;)

Treat the illness, not the symptoms (1)

Dachannien (617929) | more than 7 years ago | (#18818433)

Everyone with power to do something about the situation always wants to limit the distribution of SS#'s, credit card numbers, and other personally identifiable information, as if somehow this will solve identity theft. That's security through obscurity - your SS# is not a password, and trying to keep it secret and keep it safe only leads to failed security.

The solution is to implement a scheme whereby we can still use SS#'s as an identification number, but where we don't use it as a verification of identity.

I'm in favor of a voluntary scheme where people can register with a (currently hypothetical) government "identity clearinghouse" that checks with the registrant upon any request by a financial institution to determine whether a request for credit is legitimate or not. Financial institutions would be forbidden by law to extend credit or open an account in the name of someone who is registered with the clearinghouse if the identity of a credit requestor can't be confirmed as being the same as the clearinghouse registrant. To change your registration information, you would have to show up in person with a photo ID at an appropriate government office (e.g., DMV).

It wouldn't completely eliminate all possibility of identity theft, but it would make these sorts of wholesale raids on identity information worthless, especially when done from outside the country. And if personally identifiable information becomes worthless due to proper identity verification, people will stop bothering to steal it.

AW;ESOME fp (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18819741)

Core team. They ASSHOLE TO OTHERS member. GNAA (GAY And piis cocktail. You are a screaming
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...