""As cyberattacks continue, analysts are seeing a new pattern: Hackers are focused on stealing personally identifiable information. That includes the security clearances of U.S. intelligence officers, with the reported theft of background information. It also includes information that's less sensitive but far-reaching — like Social Security numbers.
In an interview with NPR's Audie Cornish, NPR's Aarti Shahani took a look at just how many Americans' Social Security numbers have been stolen so far, and what's being done about it.
Let's start with stats. Following big data breaches like Anthem and, more recently, the federal government's Office of Personnel Management, how many Social Security numbers have been taken?
The question sent us on a wild goose chase.
The Social Security Administration says it does not have a count. So we turned to the Federal Trade Commission, which is the lead agency on identity theft for the federal government. FTC officials say they don't have anything approximating that number because they don't track data breaches. It's not part of their mandate from Congress.
The FTC suggested we contact Verizon. Their business unit, Verizon Enterprise Solutions, publishes a very popular annual report on breaches.
So, to get a tally on theft of Social Securitynumbers, the federal government sent NPR to a phone company?
Pretty much.
Verizon gets cyberattack data from dozens of organizations around the world, including federal agencies like the Secret Service and the Department of Homeland Security's Computer Emergency Readiness Team.
Jay Jacobs, lead data scientist at Verizon for the breach report, is a foremost expert who has been slicing and dicing this data for years. He estimates 60 percent to 80 percent of Social Security numbers have been stolen by hackers. NPR put the question to him multiple times and he stuck by this estimate.
That number is staggering. It's far larger than the estimate, by the federal workers union, that every federal employee is a victim.
Jacobs pointed out that while Social Security numbers have been stolen for decades, the scale of the problem is new. Before, socials were written or typed on a piece of paper, and breaking into one filing cabinet doesn't scale up. But now that everything is digital, if hackers compromise a server or data warehouse, that theft scales into the millions, quickly.
"It's gotten somewhat easy for the attacker," Jacobs says. "I think we're underestimating just how [many] records are out there."
So the problem of theft has changed by orders of magnitude, but just because your number was stolen doesn't mean you're a victim of identity theft?
Correct. The number of victims is definitely smaller. But we don't have a great estimate on how many people have actually been harmed. That'll unfold over time.
One key detail: The burden falls on you to vigilantly monitor if you are a victim. The Social Security Administration has a policy: You can't change your Social Security number just because it's been stolen. You need proof it's been abused. SSA is strict about it. In all of 2014, they replaced only 250 Social Security numbers based on misuse and disadvantage.""
No comments:
Post a Comment