Slashdot Mirror

← Back to Stories (view on slashdot.org)

OMB Website Exposes Thousands of SSNs

Posted by Zonk on from the good-managing dept.

msblack writes "The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online. As many as 100,000 to 150,000 individuals may have been affected. The cost to taxpayers just for notifications and credit monitoring is estimated to run $4 million. 'While there was no evidence to indicate whether anyone had in fact used the information improperly, officials at the Agriculture Department and the Census Bureau removed the Social Security numbers from the Census Web site last week. Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today. '"

13 of 107 comments (clear)

  1. they're half right by User+956 · · Score: 4, Funny

    The New York Times is reporting that an Office of Management and Budget website accidentally exposed at least 30,000 social security numbers publicly online.

    Sounds like they got the "Social" part right... "Security", not so much.

    --
    The theory of relativity doesn't work right in Arkansas.
  2. Oh no. by Mockylock · · Score: 4, Funny

    Was 565-459-9342 on the list? If so, can you please take it off?

    --
    "Please, shut up. Just when I think you can't say anything more stupid, you speak again." -Archie Bunker.
  3. Permanent Fix for SSN by HighOrbit · · Score: 4, Insightful

    Here a permanent fix: render SSNs worthless for financial transactions by making it illegal for any entity besides the IRS, SSA, you employer and your bank to ask for a SSN or keep a record of a SSN for any purpose other than tax collection and Social Security. The employer and bank would only be allowed use it for tax reporting purposes. The credit reporting companies, banks, and data brokers might howl, but too bad. They can use other data identifiers, or even better, learn to personally know their customers beyond a mechanically created credit score tied to a SSN.

    1. Re:Permanent Fix for SSN by Qzukk · · Score: 4, Interesting

      The credit reporting companies, banks, and data brokers might howl, but too bad.

      Yes, too bad. It's obvious by now that the market is not going to come up with a solution for this on their own as long as they can use the SSN as a crutch. It's time to yank that crutch back out. The SSN should be discontinued and replaced with a tax id that should only be used for two things: reporting income to the government and paying your taxes or getting your refund. If someone steals my SSN, they're more than welcome to paying my taxes for me, and if they try to hide their income in my tax id we'll find out about it at the end of the year when my tax forms don't match the reports. And if I don't get my refund, well...

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  4. So how... by FlyByPC · · Score: 4, Funny

    ...does exposing 30,000 SSNs affect 100,000 to 150,000 people?

    Oh, I get it. The original SSN recipient and the 3-4 ID thieves. Never mind.

    --
    Paleotechnologist and connoisseur of pretty shiny things.
  5. semi-secret number bad tool for ID by Hoplite3 · · Score: 4, Insightful

    A "semi-secret" ID number is a bad tool for ID. You don't need to be an expert in cryptography to realize that a password sent around is plain-text is bogus.

    The deeper issue is why identity theft is my problem. Shouldn't the credit agencies etc. be very very liable for loaning money to someone who is not me? It seems like they are part of the fraud whether they were willing participants or not. I should be able to collect damages when their negligent checking of my identity harms my credit score. Identity theft is a con job, where the perp convinces Visa (or whoever) that they are me. Usually, when cons happen, BOTH the conman and the victim are liable for damage caused. Suppose I conned you into thinking I was a cop and told you to drive me around while I robbed banks. You would still be accessory to my crime even if you claimed you didn't know better. Visa wants to (and currently is) claiming that they are not accessory to the theft of my credit score. That's not right.

    The SSN is just a proxy for the fact that there are different standards for people citizens and corporate citizens.

    --
    Use the Firehose to mod down Second Life stories!
  6. Mine by Sparr0 · · Score: 4, Insightful

    My SSN is 427347246. This is not a secret. Everyone I have ever worked for knows this. Everyone who has ever drug screened me for employment. Everywhere that has ever had to tell the IRS about my gambling winnings. Half a dozen real estate agents. Over a dozen banks, and over a thousand bank employees. Anyone in earshot every time I have ever called my bank. Broward County got it right, publish them all, expose the farce that is SSN secrecy.

    1. Re:Mine by crabpeople · · Score: 4, Interesting
      Well your name is Clarence Risher. You may have attended austin university. LoL, dude I just found your resume so I think I win http://www.trifocus.net/~sparr/resume.html.

      Address is

      "122 G Stephanie Dr
      Clarksville, TN 37042
      (931) 980-2760 "


      What else do I need for ID theft exactly?

      --
      I'll just use my special getting high powers one more time...
    2. Re:Mine by shaitand · · Score: 3, Interesting

      'Umm... This is really an odd statement, here. What do you care that someone can convincingly file any sort of transaction under your name (SSN and Mother's Maiden Name). What do you care that someone could borrow $150,000, and put up your house as security.'

      These are all problems for someone with good credit and/or assets or maybe even money. For the majority of the population this is not the case. Most of us don't own a home or even a decent car. Most of us have no credit worth mentioning and probably bad credit besides. What difference does it make if the number you owe on paper grows? It isn't like you could have paid what was there anyway. A few more collectors harassing you? That is why you got a machine years ago. Time in court? Please, you can't afford to file bankruptcy, especially if the only purpose it serves to erase an imaginary debt (I say imaginary because the only chance it has of being paid or collected is in the imagination).

      'What do you care that someone could use your info to launder money, with a trail leading right to you when the feds look into it and an onus on you to prove it wasn't you?'

      The burden is on the feds, not on you. Someone must have gained access to your information, you never went to those places and conducted business. The guy on the bank security cameras wasn't you. The information and picture on the ID the bank photocopied doesn't match yours. How about proof of address? What did they use for that? If they used your address then you would have been sent paperwork before that became an issue. And even without any of that, a claim that someone else used your information is easily within the realm of reasonable doubt. The feds would have to prove not only that my information was used but that it was me who used it. That is of course assuming that you can manage to force your public defender to go to trial instead of plea bargaining. Typically they have enourmous case loads and often are regular attorneys who don't want to waste time on the freebie case.

  7. What happened to privacy act and common sense? by Shadowlore · · Score: 4, Insightful

    What is disturbing to me is not that these SSNs were exposed, but that they were simply included in "other" databases to begin with. We were told that our SSNs would be limited only to those entities that had a legitimate reason to NEED it. The fact that they were included as a matter of common practice belies this claim. The reference to "before identity theft was a problem" is unadulterated crap. Identity theft has been a problem since biblical times (Jacob and Esau)! The reference to it is a red herring.

    What should have been happening is that SSNs should not simply be included in various databases. They should have been following the rules that we were told they were. Whether or not that was successful, they should have had policies and processes for vetting the database for privacy issues prior to dumping it online. Federal privacy laws predate the Internet. The basic notion of checking your data for data that should not be publicly available predates the Internet.

    IMO this is similar to the claim that "nobody imagined using airplanes as missiles before 9/11". The problem of Identity Theft existed, was well documented, and alone should have given them reason to examine their DB first. The basic laws on privacy should have. And failing that common sense should have. This is a failure on many grounds.

    --
    My Suburban burns less gasoline than your Prius.
  8. Thanks a Lot, FDR by MarkPNeyer · · Score: 3, Interesting

    The entire social security program is absurd. Ignoring the economics of the retirement portion of the program, using SSN's for identification is a terrible idea. The program was never initially designed for the numbers to be used as ID's, but the need for one was so overwhelming that people started accepting them.

    Scrap the entire Social Security program. If you think the government ought to force people to prepare for their retirement, withdraw money from their paychecks and put it in a personal account for them. Hell, even a bank account with 1% interest would give you a better return than social security, and it guarantees ownership of your money, instead of allowing the government to waste it building bridges to nowhere when you die.

    Once that's done, let's design a proper identification system, so it doesn't matter if someone gets your ID number.

    --

    My blog
  9. Re:What is SSN? by MarkPNeyer · · Score: 3, Informative

    Every American citizen is issued a "social security number." Social Security is a "retirement" program instituted by the American government to provide for its citizens when they retire. The numbers are now used largely to identify citizens by banks, schools, hospitals, and many other organizations. If you have someone else's social security number and driver's license, you can most likely apply for a line of credit in their name.

    It's basically a combination user-id and password which is transmitted in plain text. Very stupid.

    --

    My blog
  10. Re:The third time it's enemy action. by lawpoop · · Score: 3, Informative

    A chart of personal data stolen from laptops from government organizations, schools, and corporations.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso