The Equifax hack that compromised 143 million Social Security numbers didn’t just destroy the country’s trust in credit bureaus; it also most certainly killed the use of SSNs for security and identity authentication.
The nine-digit SSN has been used for this purpose for years. Typically, the last six digits of a SSN are used because the first three digits correspond to where in the U.S. you were born.
For a security mechanism, it was an easy default, “but that number is now, thanks to Equifax, pretty much obsolete to things other than [receiving] Social Security [payments],” said Ira Rheingold, executive director of National Association of Consumer Advocates. To consumer advocates like Rheingold, that’s probably not a bad thing, since it probably should never have been used for that purpose. “Anyone who uses that for security is crazy,” he said.
The Social Security Administration told Yahoo Finance that the purpose of the number is to report earnings and track benefits. “It was not intended to serve as a personal identification document,” said Darren Lutz, an agency spokesperson. The Administration does not endorse any other use of SSNs.
TrustedSec is a highly specialized information security company made up of some of the industry’s most respected individuals. We work with our business partners to increase their security posture, helping to reduce risk and impact in an ever-changing cyber landscape.