"For years, government officials have urged consumers to protect
their social security numbers by giving out the nine-digit codes only
when absolutely necessary. Now it turns out that all the caution in the
world may not be enough: New research shows that social security
numbers can be predicted from publicly available birth information with
a surprising degree of accuracy.
By analyzing a public data set called the “Death Master File,” which
contains SSNs and birth information for people who have died, computer
scientists from Carnegie Mellon University discovered distinct patterns
in how the numbers are assigned. In many cases, knowing the date and
state of an individual’s birth was enough to predict a person’s SSN.
“We didn’t break any secret code or hack into undisclosed data set,”
said privacy expert Alessandro Acquisti, co-author of the study
published Monday in the journal Proceedings of the National Academy of Sciences.
“We used only publicly available information, and that’s why our result
is of value. It shows that you can take personal information that’s not
sensitive, like birth date, and combine it with other publicly
available data to come up with something very sensitive and
confidential.”
With just two attempts, the researchers correctly guessed the first
five digits of SSNs for 60 percent of deceased Americans born between
1989 and 2003. With fewer than 1,000 attempts, they could identify the
entire nine digits for 8.5 percent of the group."
Read more: http://www.wired.com/wiredscience/2009/07/predictingssn/
