This editorial appeared in the St. Louis Post-Dispatch on Wednesday, Oct. 18:
LAST month's announcement by Equifax that its consumer-credit database suffered a catastrophic hacking attack meant that nearly half of all Americans had their Social Security numbers and vital financial information exposed to theft. The threat of massive-scale identity theft is very real.
Equifax is only the latest of multiple, large-scale data-hacking incidents. It's time for the federal government to come up with a more secure identification code to protect citizens. That's not just our assessment; the White House cybersecurity coordinator, Rob Joyce, also has concluded that the Social Security numbering system has "outlived its usefulness."
Think about your own Social Security number and the hundreds of times you've shared it with companies, schools, doctors, government agencies or other institutions that insisted they had a legitimate need for it. Always with the promise to keep it confidential, of course. Older Americans can recall when their Social Security numbers were used on their driver's license or university IDs. There were those nine digits, for all to see.
Really industrious hackers can find Social Security numbers by accessing old court documents. No one is safe, and it really comes down to whose number hits on the hacking roulette wheel of chance. There has to be a better, more secure way.
"It's a flawed system," Joyce told the Washington Post this month. "If you think about it, every time we use the Social Security number you put it at risk. By interacting with it, you've given a key piece of information out publicly." Joyce wants the government to consider more modern means of providing citizens with a unique identifying code that can be used for transactions but also remain protected from hackers. He calls it a "modern cryptographic identifier."
The longer the nation delays such an update, the greater the vulnerability we all will face. Right now, anyone who accesses basic information on Facebook or a simple Google search can identify where you grew up. That helps identify where you lived when your Social Security number was issued. That simple information helps reveal the first three digits of your Social Security number.
The last four digits are numbers we all routinely give out when speaking to customer service representatives to straighten out, say, credit card or phone billing questions. So seven of the nine digits already are vulnerable. Programmers have designed a computer algorithm that can accurately guess people's Social Security numbers 44 percent of the time.
That's scary. Americans are far too vulnerable. The potential losses from the Equifax breach alone could wind up in the billions of dollars. The cost of modernizing Social Security's numbering system also wouldn't be cheap.
Hackers around the world are betting the government will continue delaying and dithering. Sadly, they're probably right.