Watch CBS News
Small Business

Warning: Social Security Numbers Dangerously Unsecure

By Dave Johnson

/ MoneyWatch

Add CBS News on Google

Here's some news that might have been somewhat fresh in 1936: According to the Washington Post, researchers say that social security numbers can be guessed. And not just a few of the digits -- all of them. Here's how:

  • The first three digits are regional, derived from the zip code that the application originates from.
  • The middle pair of numbers change slowly over time, so people born in the same region within a few years of each other will typically all have the same numbers.
  • The last four are doled out sequentially.
It turns out that there are enough clues and indications about the first five digits that someone with access to Google could determine most of your social on a lunch break. And the final four, of course, are often used for ID purposes.

Let me be perfectly clear: I knew all this when I was 10 years old. So I can only assume that the "Carnegie Mellon University researchers" cited in the story are, in fact, a couple of pre-pubescents who picked this info up on the playground as well.

What is the implication for us? If you're a business, you absolutely, positively should not be using any part of the customers' social security number for identification purposes. Not even the last four. It's just too easy to end up the target of a lawsuit that contends you were a party to identity theft.

And you should never allow any business to use your own social for tracking purposes. Take your business elsewhere, if necessary. It's just common sense.

News of the Stupidly Obvious is apparently all the rage. Just the other day, I told you to lie about secret questions based on some Microsoft research.

Folks, seriously. Is anyone out there using social security numbers to track or be tracked? I'd love to hear about it in the comments.

Photo by Muffet

© 2009 CBS Interactive Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue