Nearly every 12 hours, on average in 2014, there was an institutional data breach somewhere in the United States — a record 783 cases reported last year, according to the nonprofit Identity Theft Resource Center. And the dire consequence is that these attacks give criminals access to what security experts call “the keys to the kingdom”: our Social Security numbers.
In recent months, cyberattacks have compromised the personal data and Social Security numbers of 47,000 employees and actors affiliated with Sony Corp., 800,000 workers at the U.S. Postal Service, 11 million customers of Premera Blue Cross, and up to 78.8 million customers at Anthem Blue Cross Blue Shield.
Nor is UC Berkeley immune: Two data breaches, one last December and another in April, exposed nearly 2,000 Social Security numbers of students, family members, and campus employees.
Which raises the question: Is it time to abolish Social Security numbers? Or at least radically change the way we use them?
These numbers — collected by banks, insurers, health care plans, universities and the government to match people to their records — have become all-purpose ID numbers. And therein lies the problem. Our use of Social Security numbers is “fundamentally, structurally flawed,” says Chris Hoofnagle, a UC Berkeley lecturer on computer crime and privacy law.
