Even careful people who don’t disclose their social security numbers (SSNs) unless absolutely necessary could have them revealed by computer programs crunching publicly available data. All that’s needed to predict at least a valuable portion of someone’s nine-digit SSN is their date of birth and the state where he or she was born.
That’s the conclusion of two researchers at Carnegie Mellon University in Pittsburgh. Alesssandro Acquisti and Ralph Gross say that the government forces Americans to place a “perilous reliance” on SSNs to establish their identities while giving them the “impossible duty” of trying to protect their number.
The researchers found visual and statistical patterns in publicly available SSN data, showing that “a strong correlation exists between dates of birth and all 9 SSN digits.” They were able to develop a prediction algorithm that “exploits” the fact that individuals with similar birth dates who registered in the same state “are likely to share similar SSNs,” the study says.
In some cases, they were able to predict the entire nine-digit SSN number on the first attempt. The odds of that happening randomly would be nearly one in a billion, Dr. Acquisti says.