Same Birthday, Same Social Security Number, Same Mess For Two Florida Women

itwbennett writes: After 25 years, the Social Security Administration (SSA) has fessed up to giving two Florida women who shared a name and a birthday the same social security number. The women only recently discovered that they shared an SSN, but not before having trouble getting loans and having tax returns rejected. You might think that the SSA would catch something like this, but as it turns out, they are prohibited from trying to verify the legitimate owner of an SSN, except in rare cases, says Ken Meiser, VP of identity solutions at ID Analytics, provider of credit and fraud risk solutions. And the problem isn't as rare as you might think (except for the part about two women with the same name born on the same day in the same state). According to a 2010 study by ID Analytics, some 40 million SSNs are associated with multiple people.

Not the same problem as most of the duplicates.

[daninaustin]

Most of the duplicates are due to fraud by illegals.

In my first programming job in 1982 for a bank...

we had three people with the same SSN. In 1935 in a three month period, 25 million numbers were issued from over a thousand post offices and from several companies, especially rail roads. Of course, there were mistakes made. What I still can't believe after encountering that almost a dozen more times, is that people still insist that SSNs are unique. I currently work for a payroll company, and we have a unique index on our database. People still mistakenly believe that they must be unique despite seeing proof that they are not.

Re: unique id

[ag0ny]

The way the SSN is, it is like having a password for very important things, but one that you have to give out to every street vendor to verify you as well. Identity theft nightmare for the owner.

No.

The problem isn't what the SSN is. The problem is the way the SSN is used.

I'm Spanish. In Spain we have a national ID system, and I have my own ID number. However, we don't use this number as a password in order to verify that we are who we say we are. It's used more or less as an index in a database. You can easily find my national ID number with a simple Google search. Mine, and probably every other Spanish citizen's. No big deal about it.

In you case, what's going on is that a bunch of clueless policy makers working for businesses decided that the SSN would work fine as a way to identify people. It's not. You're using it wrong.

Re:unique id

[BarbaraHudson]

SSNs aren't unique. This has been known for a long time - it was discussed in the C user's journal back in the 80s.

Re:Probably not a coincidence

[ShanghaiBill]

It's more likely that the algorithm used to generate SSNs, given the same input data, generates the same output.

The "algorithm" is "pull the next number off the list". My sister and I were born in different states, two years apart ... and we have different first names. My parents requested SSNs for both of us at the same time, and they were given two consecutive numbers.

No, UUIDs won't help.

That doesn't solve anything, because they were never meant to be secret in the first place. The "proper" use of an SSN is more like a username, not a password.

The real problem is that we have a bunch of people stupidly misusing a non-secret piece of information as if it was.

Similarly, I don't care if my license-plate number is sequential or random, any company that will lend money to someone who knows my name and license-plate is a company that is fucking up, and our laws need to recognize that it is *their* fuckup, not mine.