Your Social Security number, along with other personal information, has likely been stolen. What does this mean for you?
If you haven’t heard already, your Social Security number was stolen recently.
How do I know yours was in the breach? Because the leaked data contains approximately 2.7 billion entries.
The current population of the U.S. is around 330 million, which means that each of you has an average of 8 records potentially devoted to you.
But what does this mean? And does it matter? And what, exactly, should we do about it?
Table of Contents
Once more into the breach
A good primer on what happened is this New York Times article.
Basically, some company had a big database of people’s personal information, and it got hacked by some group somewhere.
I don’t mean to be blasé about this, but my honest response was kind of a shrug. Haven’t we been through this movie before?
What’s in a number?
The media is harping on “stolen Social Security numbers”. But is this number really a secret?
I know that I’ve been taught my whole life to keep that number hidden, and to be extremely skeptical when someone asked for it over the phone. (And when I do divulge it, to do it in a whisper.)
But how secure is a nine digit number, anyway? I can remember nine digits in my head.
And it’s probably less than nine numbers that you need to remember, because if you know where someone was born, you can generally figure out their first three numbers.
This number was never designed to be a secure number, mainly because it was never designed to be an identification number. See this video for what I mean:
Let’s also look at some context. All my debit and credit cards are either 15 or 16 numbers long, with a four digit expiration date and a 3 digit “security code”. That’s a maximum of 23 digits. That’s pretty hard to remember, but not exactly tough for a computer.
If you trade in Bitcoin, your private key (the part that enables you to take control of an account) is around 52 characters. That’s not numbers, that’s any alphanumeric character.
Now that’s a big number. Watch this video to see how long it would take to reverse engineer that number. (Answer: Many billions of times the age of the universe.)
Then again, as we all know, security in the real world is more like this:
That said, given all the places you have to give your Social Security number, it’s unrealistic to believe that it’s not been copied somewhere.
Not just Social Security numbers
That said, it was more than Social Security numbers that were “stolen”.
According to Bleeping Computer, the records appear to also contain:
- Full name
- Alternate names
- Date of birth
- Addresses
- Phone numbers
What a fiesta of information!
Check if you’ve been hacked
I bet by now you’re curious to see what of your information is now floating around in criminal land.
Luckily, this site has been set up to query the database. Don’t worry though, the Social Security numbers are redacted here.
My information is there, though surprisingly not my current address or phone number.
What to do?
There’s not much you can do if your information is stolen. You can’t put the genie back into the bottle.
But there’s not nothing. You can freeze your credit.
One of the reasons why this information is so valuable is that people can use it to take our credit cards and loans and other financial products under your name. But if you freeze your credit, then they can’t open any accounts.
You’ll have to freeze your credit once for each of the three major credit bureaus:
If for some reason you don’t want to do this, then I would recommend watching your credit reports more closely, in case something unexpected shows up there. I wrote up instructions on how to check your credit reports. It’s easy and free:
- How to get your credit report from Equifax
- How to get your credit report from Experian
- How to get your credit report from TransUnion
What, me worry?
Hacks are a normal part of our existence by now, and no one should be surprised that something like this happened.
Honestly, the sheer scope of this breach contrarily makes me less upset about it. At 2.7 billion records, what are the chances that someone is going to pick yours?
Identity theft is a big deal, and it’s not a laughing matter, so I would do whatever is in your power to reduce the risks.
But beyond that, I wouldn’t worry too much about this particular breach. There will be others, and at this point, any information of yours is likely already out there.
