Listing your date of birth and your hometown on social networking sites such as Facebook doesn’t seem like such a big deal.
After all, who doesn’t like being showered with birthday greetings from well-wishers? And listing your hometown makes it easier for old pals to reconnect. However, revealing these personal details could place your Social Security number -- and thus your identity -- at risk.
In a recently released study, Carnegie Mellon University researchers found that identity thieves might be able to accurately guess your Social Security number simply by learning your place and date of birth. In the trial, researchers discovered it is relatively easy to predict Social Security numbers for people born after 1988 -- when the Social Security Administration began pushing for infants to obtain numbers soon after birth. Researchers identified all nine digits for 8.5 percent of people in this category, using fewer than 1,000 attempts for each number.
Feeling a bit more secure because you were born in 1988 or before? Don’t get too comfortable. Carnegie Mellon researchers also were able to predict the first five digits of Social Security numbers for 7 percent of people born between 1973 and 1988.
Why your number might be vulnerable The Social Security Administration relies on predictable geographical and statistical patterns in distributing numbers, making it easier for potential identity thieves to narrow down the range of numbers they’re guessing. As a consequence, if an identity thief knows that a certain series of numbers was assigned in your hometown or state during a certain time period, he or she doesn’t have to work all that hard to find your number.
Your number is at greater risk if you’re from a smaller state. For instance, in 10 or fewer attempts, researchers predicted one in 20 social security numbers issued in Delaware in 1996.
What you can do Take a two-fold approach in protecting yourself, say the experts. First, safeguard aspects of your identity, such as your name and birth date. Next, be particularly cautious about where and how you reveal your Social Security number. Jeremy Miller, director of operations at Kroll Fraud Solutions, a data security/ID theft protection company, calls those three pieces of information the “holy trinity” of personal information. With your name, Social Security number and date of birth, an identity thief can open accounts, apply for jobs or rent a home.
Miller and other experts offer this advice:
Do avoid using your full name. Try using a nickname or pseudonym for online sites, suggests Bill Horne, a security expert who owns Massachusetts-based William Warren Consulting, a computer network installation and consulting firm. If you do use your first and last name, leave out your middle initial. Consider altering the spelling of your name in a creative but recognizable form on social networks, such as “Tracee” for “Tracy.”
Don’t give your full date of birth. If you still want those Happy Birthday messages, try simply listing your month and day of birth. Make sure you don’t list your age or year of birth elsewhere.
Don’t reveal your place of birth. Keep geographical information general, says Miller.
Do protect your Social Security card. “Keep that card locked in a drawer,’’ advises Michelle Drolet, CEO of Massachusetts-based Towerwall, an information security company. “Never, ever enter that information online. Never send that information over email or to an unsecured site.”
Don’t use your Social Security number as ID. Resist efforts from companies that use your Social Security number or segments of your number as ID, says Dave Chronister, a certified ethical hacker and co-founder of Parameter Security in St. Louis, Mo. “You’re giving the key to your identity to someone else,’’ he says. “Once your Social Security number is out there, it’s out there for good.” There’s no reason to reveal your number on an employment application. A reputable employer will need that information only after you are hired. Never use even a partial number as identification. Identity thieves might be able to piece together the remainder of your number.
Don’t input your number in your computer. Your number is so at risk that both Drolet and Chronister advise against even typing the nine digits into your computer. Too often, home computers are insecure, says Drolet. Shore up your defenses by installing strong antivirus, antimalware protection, running regular updates and obtaining any security patches. If you simply must input your number, run your security software before and after doing so.
As you share personal information online, don’t forget Chronister, who uses hacking techniques to help companies and government agencies understand the weaknesses in their systems.
“Social networking is a treasure trove for me,’’ he says. “It is scary how much information is out there, and how people are willing to put it out there without any reservation,” says Chronister “If some stranger walked up to you and said, ‘What’s your birthday? Where did you go to school? Where were you born?’ you would question that.”
Kim Boatman is a journalist based in Silicon Valley, Calif. She spent more than 15 years writing about a variety of topics for the San Jose Mercury News.
