Universities/Colleges are the Riskiest
Research conducted by Robert Siciliano, Identity Theft expert, on behalf of McAfee
Cases of identity theft are skyrocketing, and 32% of all ID theft victims had their social security number compromised according to Javelin’s 2010 Identity Fraud Survey Report. In honor of National Identity Protection week, McAfee set out to reveal the most dangerous places to leave your social security number.
When your Social Security number is used to commit fraud, it feels very personal. It can take hundreds of hours and sometimes thousands of dollars to rectify this violation.
Criminals find these crucial nine digits on discarded files in dumpsters, inside an organizations’ file cabinets, in any of the hundreds of databases maintained by government, corporate, and educational institutions, or even in public records, which are freely accessible on the Internet.
Robert Siciliano, on behalf of McAfee, analyzed data breaches published by the Identity Theft Resource Center, Privacy Rights Clearinghouse and the Open Security Foundation that involved Social Security number breaches from January 2009 – October 2010 to reveal the riskiest places to lose your ID.
The top 10 most dangerous places to give out your Social Security number are:
#1 – Universities/Colleges (108)
#2 – Banking/Financial Institutions (96)
#3 – Hospitals (71)
#4 – State Governments (57)
#5 – Local Governments (44)
#6 – Federal Governments (33)
#7 – Medical Businesses (27) (Please note: These are businesses that concentrate on services and products for the medical field such as distributers of diabetes or dialysis supplies, medical billing services, pharmaceutical companies, etc.)
#8 – Non-Profit Organizations (23)
#9 – Technology Companies (22)
#10 (tied) – Medical Insurance and Medical Offices/Clinics (21)
Your Social Security Number is Your National ID
For the past 70 years, the Social Security number has become our de facto national ID. The numbers were first issued in the 1930s to track income for Social Security benefits. But functionality creep, which occurs when an item, process, or procedure ends up serving a purpose that it was never intended to perform, soon took effect.
Here we are, decades later, and the Social Security number has become the key to the kingdom. You’re forced to disclose your Social Security number regularly, and it appears in hundreds or even thousands of files, records, and databases, accessible to an untold number of people.
What’s the danger of it getting into the wrong hands? Anyone who does access your Social Security number can use it to impersonate you in a hospital, bank, or just about anywhere else.
Hackers are Getting the Key to your Credit
Any organization that extends any form of credit is going to need your name, address, date of birth, and Social Security number in order to verify your identity and run a credit check. This means hospitals, insurers, banks, credit card companies, car dealerships and other retailers, and even video rental stores.
Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using the numbers to open new financial accounts. Criminals use stolen Social Security numbers to obtain mobile phones, credit cards, and even bank loans. Some victims whose Social Security numbers fell into the hands of identity thieves have even had their mortgages refinanced and their equity stripped.
When should you provide your Social Security number, and when should you refuse?
According to the Social Security Administration, you should:
1. Show your card to your employer when you start a job so your records are correct
2. Provide your Social Security number to your financial institution(s) for tax reporting purposes
3. Keep your card and any other document that shows your Social Security number on it in a safe place
4. DO NOT routinely carry your card or other documents that display your number
But beyond that they have no advice and frankly, no authority.
A federal law, 42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), enacted in 1996, determines when the numbers should be used. The law requires Social Security numbers to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” It can be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.
What happens when you refuse to give out your Social Security number?
– Many people refuse, and quickly discover that this creates a number of hurdles that must be overcome in order to obtain services. A demand may be made that you, the customer, jump through a series of inconvenient hoops.
– Most customers are denied the service altogether, and from what we can tell, this is perfectly legal.
– When faced with either option, most people give up, and hand-over their number.
These organizations often state the Social Security number requirement in their terms of service, which you must sign in order to do business with them. They acquire this data for their own protection, since by making a concerted effort to verify the identities of their customers, they establish a degree of accountability. Otherwise, anyone could pose as anyone else without consequence.
Although I’d rather not, I frequently provide my Social Security number. But I do take steps to protect myself, or at least to reduce my vulnerability.
Tips To Protect Yourself:
1. In honor of National Protect Your Identity Week (October 17-23, 2010), check your credit report this week using a reputable firm such as, Experian, and set reminders every three months to review it again.
2. You can refuse to provide your Social Security number.
3. Invest in an identity protection service. Because there are times you cannot withhold your Social Security number, an identity protection service can monitor your bank information and your personal ID. McAfee® Identity Protection (CounterIdentityTheft.com) will alert you, help prevent loss of personal information, allows unlimited checks of your credit, credit monitoring, scanning of the internet and identity fraud resolution.
4. Securely dispose of mail. The standard advice is to thoroughly shred preapproved credit card offers and anything that includes any account information. While this is good advice and should be heeded, it’s not going to protect you when your bank or mortgage company or utility provider tosses your information in a dumpster that is subsequently raided by identity thieves.
5. Opt out of junk mail and preapproved credit card offers. This is good advice and can be done at OptOutPrescreen.com. However, even if you opt out of new offers, others will still arrive. It’s inevitable. You also need to get a locking mailbox, but that still won’t fully protect you.
6. Lock down your PC. McAfee Total Protection™ software is the most comprehensive security tool to protect your computers data.
Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing Social Security Numbers as National IDs on Fox News. (Disclosures)