(Bloomberg) -- The hackers who infiltrated Anthem Inc. made off with one of the most prized possessions in computer crime: the Social Security numbers of as many as 80 million customers of the nation’s second-biggest health insurer.
The nine-digit numbers the U.S. government has doled out since 1936 typically follow people from birth to death. There are 450 million combinations in use, and by learning yours, hackers can obtain credit cards in your name, wire money from your bank accounts, or learn enough from telephone records or medical histories to trick you into divulging more information.
“With the data elements compromised in this breach, criminals have had the keys to the kingdom,” said Paul Stephens, director of policy for Privacy Rights Clearinghouse, a San Diego-based advocacy group. When companies or agencies use Social Security numbers to both identify individuals and authenticate they are who they say, it’s “a recipe for disaster.”
Unlike payment-card numbers, which are useless once banks find they’re being used for fraud, your Social Security number is ubiquitous and hard to change. They remain the main authentication mechanism for many essential services, especially ones provided by the government.
It’s rare that one company has so many of them, and that so many are stolen at one time. For Social Security numbers to be useful for criminals, they need to be stolen in conjunction with other information, such as name, address and birth date -- exactly the kind of data that insurers like Anthem collect.
Black Market
Because criminals need to invest that effort and time to make money off of Social Security numbers, other snippets of personal data that are easier to monetize command a higher price on the black market. Social Security numbers sell for $3, while mothers’ maiden names sell for $6 and the name and password for online bank accounts sell for $1,000, according to one study from 2011.
Many companies decide to store Social Security numbers in a central location. While that increases their usefulness for data analysis, it also raises the risk that hackers could take them all at once, said Orion Hindawi, co-founder and chief technology officer for Tanium Inc. The Berkeley, California-based security firm works with banks, health-care companies and other large organizations.
“The most secure way to store something is also the most expensive way,” Hindawi said. “If you break up all the data, you can’t access it to mine it and find patterns. Many companies make a choice about where the line is they’re going to draw, and people draw the line in the wrong place.”
Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
