Death Master File: Researchers Find Social Security Number Hack

Alessandro Acquisti and Ralph Gross, researchers at Carnegie Mellon University, have found a way to guess social security numbers based on the structure of those numbers based on examing the publicly-available SSDI, or the Death Master file. The Social Security Death Index is a publicly-available database listing the names, birthdates and registry locations of deceased Social Secuity cardholders.

Social Security numbers have three parts: are number, group number, and serial number, all of which correspond to when and where the number was applied for, typically at birth for American citizens.

What does this mean for you? You may want to keep your birth city off of any public social networking pages, for starters. There are other measures you can take as well. This isn't meant as a scare story: just understand that identity info is like toxic waste: once it's out on the web, it's very, very hard to remove. This applies to other data besides Social Security. If you use your pet's name for your banking password, your Facebook or MySpace page can end up betraying you.

While the success rate is low (.08%), it's still better odds than Vegas. Social Security numbers generated in smaller states were easier to deduce: