Some SSNs Can Be Guessed Using Birthdate And Location, Say Researchers
It turns out our Social Security numbering system, which launched in 1936, is far from foolproof against some types of hacking. The New York Times reports that researchers at Carnegie Mellon University "used statistical techniques to predict Social Security numbers solely from an individual's date and location of birth."
From the researchers' sample, it was possible to identify in a single try the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born from 1973 to 1988. It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts.
The accuracy of the prediction system increased for smaller states and for people born after 1988. The accuracy was higher for those born in the late 1980s and after because of rules that led increasingly to the assignment of Social Security numbers at birth. The researchers, for example, reported that they needed 10 or fewer tries to predict all nine digits for 1 out of 20 Social Security numbers assigned in Delaware in 1996.
The study points out that although it's technically possible for criminals to repeat the results of the study, it's currently unlikely. Still, it underscores that SSNs are an "aging technology," in the words of one law professor quoted in the article. Or as one of the co-authors of the study says,
"My hope is that publishing these results may open a window of opportunity, so to say, to finally take action," Mr. Acquisti said. "That S.S.N.'s are bad passwords has been the secret that everybody knows, yet one that so far we have not been able to truly address."
"Social Security Numbering System Vulnerable to Fraud, Experts Say" [New York Times]
(Photo: TheLawleys)
Comments:
@youaredumb: No. My first 5 and the rest of my family's first 5 are all vastly different and we were all born at the same hospital.
@youaredumb: 111 is office and 22 is year of issue I think.
I'm glad I didn't get a SSN when I was born.
@youaredumb: Can't be exactly, unless it's totally based on birth (as opposed to where you got the number). My husband, from another country, has different numbers for the first three than our kids, born in the same state where he got his SSN. I can't recall exactly, but I don't think our kids have the same first three numbers either (and certainly not the same first five - although they were both born at the same hospital).
Nope. the first 3 code to locality and time but not necessarily State. For instance, my wife and my son both have a different first 3 digits but they were actually born in the same location (just vastly different years obviously). My brother and I are the same situation, born in the same location but different years and different first 3.
@wezelboy: if 22 is year of issue, it's in code. My middle 2 and the last 2 digits of my yr of birth are different.
@Jevia: Yeah, my brother and I were born 4 years apart in the same hospital, and our 1st 3 are not the same ( but fairly close) next 2 are nothing alike.
The first three digits are your area numbers. See here:
The algorithm could easily guess your first three digits using your place of birth and the above table.
The middle two numbers are administrative only, and have a specific order in which they are handed out. See here:
The last four digits are nothing but a serial number within the administrative group created by the middle two numbers.
The algorithm works by taking your place of birth (thereby knowing the first three) and then predicting in what range your social security number must fall based on known social security numbers and birth dates of other people in that area.
What surprises me about all of this is that it makes news. Anyone that knows their parents' social security numbers probably could have figured out that this was possible.
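An added illustration, not part of the comment thread or the study: the guessing pattern described above (a predicted five-digit prefix with the four-digit serial tried repeatedly) leaves a recognizable trace in failed identity-verification attempts. The log format, identity keys and threshold below are assumptions, and the sample SSNs are constructed with the never-issued 000 area.

```python
from collections import defaultdict

# Constructed sample of failed verification attempts:
# (identity the caller claimed to be, SSN submitted). All values are made up.
SAMPLE_FAILURES = (
    # one prefix held fixed while the serial is walked
    [("jdoe|1996-03-14", f"000-12-{n:04d}") for n in range(4100, 4112)]
    # two near-identical entries, more like a typo than a search
    + [("asmith|1990-07-02", "000-45-6789"), ("asmith|1990-07-02", "000-45-6798")]
    # scattered prefixes, one serial each
    + [("blee|1992-11-30", f"000-{g:02d}-1234") for g in range(10, 16)]
)

def split_ssn(ssn):
    """Split 'AAA-GG-SSSS' into (area, group, serial); None if malformed."""
    parts = ssn.split("-")
    if [len(p) for p in parts] != [3, 2, 4] or not all(p.isdigit() for p in parts):
        return None
    return tuple(parts)

def flag_serial_enumeration(failures, min_distinct=10):
    """Return {identity: (prefix, distinct_serials)} for identities whose failed
    attempts keep the area+group prefix fixed while trying many serials."""
    serials = defaultdict(set)  # (identity, 'AAA-GG') -> serials tried
    for identity, ssn in failures:
        parsed = split_ssn(ssn)
        if parsed is None:
            continue  # malformed input is a different signal; ignored here
        area, group, serial = parsed
        serials[(identity, f"{area}-{group}")].add(serial)
    flagged = {}
    for (identity, prefix), tried in serials.items():
        if len(tried) >= min_distinct:
            flagged[identity] = (prefix, len(tried))
    return flagged

if __name__ == "__main__":
    for identity, (prefix, count) in flag_serial_enumeration(SAMPLE_FAILURES).items():
        print(f"ALERT {identity}: {count} distinct serials tried under prefix {prefix}")
```

Counting distinct serials per identity and prefix, rather than raw failures per source, still catches attempts spread across many sessions or addresses.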
@Freeloader: If I remember correctly (rather what I was told), me and my 3 siblings all applied for the SS card at the same time. I am pretty sure that they are all very similar and that the first 5 are identical.... This was around 84 though....
@dako81: you're supposed to buy into the propaganda they put out and demand that new cards be made with "safer" RFID chips.
Maybe it's just me, but I fail to see how this is a problem. There are easier ways to find out a SSN for someone (and probably just as difficult as finding the info they need to "guess" the first digits).
Also, things like this concern me because the only way they know that they are right is that they had access to all of the people's numbers that they tried to check. THAT is a bigger problem.
@dako81: I believe the "not for identification" proscription was actually for the card itself, not for the number.
@Carso:
The algorithm could easily guess your first three digits using your place of birth and the above table.
No, it could easily guess your first three digits if they know where you applied for your SSN. Not where you are born. The assumption is that you apply for an SSN in the same area that you were born. But that's not necessarily the case.
For instance, if I told you that I was born in Taos, NM you would come up with a completely different three first digits than my actual SSN, if you used that assumption. Then the remaining assumptions would also be incorrect.
It's not too hard to get around either. The SSA doesn't care (much) what address you give when you apply for a new SSN for a newborn, it's only used for an address to ship the card to. So you could, for instance, give the baby's grandparent's address across the country, and have them mail you the cards when they arrive. Issuing office is now far away, first three digits don't reflect where baby was born, and remaining assumptions fail.
Algorithm broken.
Government agencies need to move quickly to change social security numbers after researchers discovered an accurate way to guess a person's social security number based on just birth location (or location where number was applied for) and birth date.
The Social Security Administration needs to let people reapply for new numbers that are at least somewhat randomly produced. They should adopt a policy of issuing two socials, one number would be kept solely private and for government use only, it would be against the law for any company to ask for this.
The other number would be longer, completely random, and disposable. This second number could be used by financial institutions and others with a need to verify identity. Because fraudsters could easily dump these "disposable" numbers to change IDs they would plug back into your permanent number where the SSA could then provide a yes/no answer that the identity was true.
@youaredumb: I wouldn't be surprised. My brother and I are born 5 years apart, in different hospitals, and yet our SS numbers are the same except for the very last digit (and ours were issued/applied for at birth)
@AllanG54:
I have a number which does not repeat the numbers 1 through 9. I only figured this out when phone access to bank accounts started and your SS# was one of the default passwords. The first time I figured out that I used all of the phone keypad numbers (except 0, # and *) I was amazed.
@ThinkerTDM: SS#s are the entry to awesome ID theft so any program that could brute force the numbers out would be loved by the criminal gangs.
The researcher's accuracy is so low as to be useless - a stupid party trick that even kids won't fall for.
"It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts."
This is the same as:
Magician: "Is your name Bob, Doug, Mark, Steve, Mike, John, Henry, Allen...[list 100]... Gerry or Harry?"
Kid: "Yes."
Magician: "Ta-da!"
@humphrmi: "The assumption is that you apply for an SSN in the same area that you were born. But that's not necessarily the case."
Excellent point for new parents to help keep their child's SS# safe.
I didn't get a number until I was 8 or 10 years old since life didn't revolve around it back then.
@ChrisC1234: I don't know, seems pretty easy to me. Pop in a target's DOB and place of birth and get back a range in which their SSN should fall. All that's needed after that is a way to test the results, and I'd be surprised if that was prohibitively difficult.
There may be easier ways to get an individual's SSN, but I doubt there are easier ways to get "everyone's" SSN.
@richcreamerybutter: According to the gov't website it's ZIP code at time of application.
This link even tells you what recent 5 digits were issued and in what months (2004-2009). [www.socialsecurity.gov]
It's a problem because anyone working in a customer service role at any utility (i.e. cable provider, internet provider) or any credit-style service (i.e. credit cards, banks, etc...) typically has access to your DOB and last four of your SSN for verification purposes.
Now, those customer service reps represent the most significant threat to identity theft. And many times, a company requires you to provide this information, not giving you any choice to just choose some other random PIN.
@humphrmi: Yes, the article points out that the algorithm doesn't work for people who didn't get an SSN when they were born. It also doesn't guess it right on the first or second try for most people. But the point is, given a large amount of people, the algorithm could probably guess the SSN of a few of them, which would suck for those people.
@humphrmi: The algorithm isn't broken because it fails on a few - unless I missed the part in the article where it said, "this algorithm can determine everyone's Social Security Number with 100% accuracy no matter what."
The truth is that the majority of new parents leaving a hospital are a little wound up in the whole "taking care of a new baby" thing and aren't asking relatives four states away to take social security cards so future developments of algorithms would fail and they'd then be able to thwart identity theft in approximately two decades.
If the algorithm works even half the time (and that's not even much of a stretch), it's not exactly a "fail." Imagine all those sites that ask for last-four SSN validations (banks and whatnot). If you use an algorithm for the first 6 and get half the SSNs right, that's a pretty good haul on data when you're supposedly thinking, "what can they really do with the last 4 of my social, it's practically random digits!"
@Stephmo: Augh, first 5 - and when I say 50%, I do mean you're targeting post-80s births since the researchers really only did well on individuals who were given SSNs at birth. If you're doubly smart, you can game the system by targeting states with low move-in rates.
Those that got to wait until they absolutely needed it and got it wherever only had the 7% success rate.
@IfThenElvis: Yes, the probability of them guessing YOUR number is low. But the probability of them guessing ANYONE's number is high. ID thieves don't mind if they get the SSNs of every person in the country, they just need a few to make a bunch of money.
To go with your magician analogy, the magician just needs to say, hey is anyone in the room named Tom? And one guy goes, yeah, that's me! And the magician says, cool, I'm taking your wallet, see ya!
My girlfriend was born just a few days before, and not far from my best friend.
He had to give his SSN at the bank to make a withdrawal, and she noticed that they were only a couple of digits off, so it was easy to remember. When she got a new phone number I told her to text him his SSN from this number that would be a mystery to him.
He was convinced someone was spying on him for a while I think.
@Freeloader: my sister and I got our numbers at almost the exact same time...our first 5 are the same. while there probably is an algorithm it won't work for everyone....seeing as i didn't receive my SSN until at least 6 months to a year after i was born. and i wasn't living in the state where I was born by that time. one of the advantages of being an army brat I guess.
@ChrisC1234: they used the DEATH LIST, the publicly available numbers of dead people so that the numbers aren't stolen.
Do the math people:
The first five digits of an SSN are a function of the state and date of issue. The 44% figure, for those born after 1988, is only achievable if one has a good idea of where and when you were born. The source of their test data, the SSA Death Master File, provides date of birth and zip code of death. If one makes the (not unreasonable) assumption that a person died in the same state in which the person was born, then yes, one could achieve the 44% number -- provided one knew the date (or at the least the year) of birth.
Where the fear mongering falls apart is if one takes their "8.5 percent of those born after 1988 in fewer than 1,000 attempts" and extrapolates what that means to the average person: the odds of my being able to guess your SSN (assuming you are born after 1988 and I know in what year and state you are born) is roughly 1 in 6000. If I don't know when or where you were born, the odds are significantly higher.
If I'm stealing your identity, those aren't very good odds at being successful.
@richcreamerybutter: Nowadays, parents have to have the SSN of their kids in order to claim them as a dependent on their taxes. So yeah, most now get them immediately after birth.
Between employment applications, health documents, college forms, University Records Departments, IRS Tax forms, cell phone plans, credit cards, bank account records, motor vehicle loan applications, AND credit bureaus with lax standards, criminals do NOT need to guess or hack anything.
All the bad guys have to do is get a job at the local AT&T store/local bank/tax office/best buy (in-store credit cards), Credit Bureau, or Medical Records at a hospital. Game over.
So let's assume from your handle you deal in illicit substances and wish to travel to S. America, but don't want to be tracked. Would it be worth it to do a bit of research and some number crunching?
A friend of mine was returning from the far east, stopped in Hawaii on the way back. He spent 10 days locked up because the government types noticed his SSN matched that of one used by a known smuggler. It cost him a lot of money to get the mess straightened out. And this was in the early 90's... I cannot imagine the mess he would go thru today...
The SSN numbering system is antiquated and exposed and has been for a long time.
@floraposte: No, it says "not for identification". It's clear what that means. If it's used in any way for identification then it is "being used for identification".
The point of the article is to get everyone into accepting the new SS card which is being created which is actually a "federal drivers license". Here's what's included in this unconstitutional bill, The PASS ACT, S.1261.
1. The Real ID and the PASS Act.
2. You will be enrolled in a Biometric Identification System.
3. You will have your Social Security Numbers in DMV databases.
4. RFID chips in our Driver's Licences.
5. Federal intervention with the issuance of our State driver's licenses.
6. Trading your freedom for security.
All of these actions are unconstitutional and a direct attack on our civil liberties and our unalienable rights.
@youaredumb: I think anyone who works with SSN can recall seeing similar numbers among families. I think the most striking similarities occur with immigrants where the numbers are only 1 or 2 digits apart.
I'm sure that these researchers are not the first people to try to crack the system.
Isn't the system 111-22-3333 where 1s identify state, and 2s identify county?