It sounds like a bad breach, and I'm not arguing against that. I just want to point out my doubts that there were ever 2.9 billion Americans since the founding of the nation, let alone since social security numbers became a thing. Maybe if I bothered to read the article, it would make more sense.
this post was submitted on 07 Aug 2024
1 points (100.0% liked)
Technology
59672 readers
2930 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Lol, yeah "National Public Data" has records of over 3 billion people going back 30 years and these people live all over the world, so it seems.
There's something like 330 million Americans currently alive, give or take. Social Security began in 1935, so that's 89 years ago. For the sake of making the math easy for a dumb Lemmy comment, let's figure the population at the time was two thirds of what it is today at 220 million, and we can figure that within the margin of error virtually all of them are dead. Yes there are some Americans between the ages of 90 and 111 but they likely didn't have social security numbers as children; the practice of assigning a SSN at birth happened later when they tied it to a tax credit for having kids; at first you got a SSN when you got your first job so anyone who was under the age of 15 or so in 1935 wouldn't have been given one.
So let's figure 220 million Americans who have since died, and 330 Americans who are still alive, have held social security numbers. That's 550 million SSNs total. Rough back of the napkin math.
Why guess at the 1935 pop instead of just looking it up?
It was about 127 million.
Because it's a dumb Lemmy comment.
The SSN itself is limited to under 1 billion possible permutations anyway because the format is 9 total digits. (3 digits hyphen 2 digits hyphen 4 digits.)
And if I recall they also have something weird with the state you were born roughly corresponding to which 3 digit prefix you're issued. Obviously that isn't purely true either because that would only give you about 1 million unique numbers per prefix.
Either way they've gotta be close to the theoretical maximum of the format without recycling numbers.
Okay, but I'm not sure how revelant that is. The article doesn't say only Americans were affected, it says the exact opposite.
[...] this data likely comes from both the U.S. and other countries around the world.
Like I said, I didn't read the article, but only Americans would have social security numbers.
Social security numbers being involved in a breach does not mean that the breach only affects Americans. Some records might not have an equivalent ID number associated with them at all, and some records could have similar ID numbers from other countries. They also list current address as part of the data leaked but the fact many people don't have a current address didn't seem to cause you any confusion. The original source lists "information about relatives", if that was in this title would you have assumed only people with living relatives were included?
"I didn't read the article" is a poor excuse when you're commenting on the believability of the article. What happened here is you saw an article, immediately assumed it was about the US, realised that doesn't make any sense, then dismissed the article without even bothering to check because the title doesn't fit the US exclusively. It's crazy to me that you wouldn't even consider the fact it's not an exclusively US-based leak.
I mentioned the not reading the article so people would not waste their time citing facts from the article that may explain the headline that suggested billions social security numbers were leaked. I made no assumptions about missing addresses, as the headline didn't mention anything about missing addresses. I even mentioned that the event the article discussed was probably pretty bad -- definitely not a negative against the article's believability. I'm only guilty of judging a book by its cover, and in an existence of limited time, nobody has time to do any more than that except for limited exceptions. I did not choose to make this article an exception. The headline was mathematically deceptive, and my comment was about that. Nothing more.
If you see an article highlighting a breach of social security numbers and don't assume it's about the U.S., that's crazy to me.
Identity theft monitoring services always scare me. It seems like you are dumping a huge amount of information into a single system and just hoping the vendor is secure. I have access to one but refuse to put much information in. Is this mindset incorrect?
It reminds me of the recent Crowdstrike fiasco: apparently kernel level access was needed for their anti-malware to be able to properly work (because that way their net can cover the entire OS basically), but that high level of access meant that when CrowdStrike fucked up with an update, people's computers were useless. (Disclaimer, I am not a cybersecurity person and am not offering judgement either way on whether Crowdstrike's claim about kernel level access was bullshit or not)
In a similar way, in order for identity theft monitoring services to work, they surely will need to hold a heckton of data about you. This is fine if they can be trusted to hold that data securely, but otherwise... ¯\_ (ツ)_/¯
I share your unease, though I don't feel able to comment on the correctness of your mindset. Though I will say that on an individual level, keeping an eye on your credit reports in general (from the major credit agencies) will go a long way to helping there (rather than paying for serviced that give you a score and other fancy "features", you can request either free or v. low cost report which just has the important stuff you need to know.)
I also know that if you want to be extra cautious, you can manually freeze your credit so basically no new lines of credit can be opened in your name. This is most useful for people who have already been a victim of fraud, or they expect to be at risk (such as by shitty family, or a data breach). I don't know how one sets this up, but I know that if you did want to set up a new line of credit, you can call to unfreeze your credit, and then freeze it again when your application for the new credit is all done. I have a friend who has had this as their default for years now because of shitty family.
Go ahead, steal my identity. See if you have any better luck with it.
I keep all my credit reports frozen. These days, everyone should.
Keep in mind there are 4 providers now, not 3!
Oh? Who’s the new one?
I am. Your login is locked unfortunately. Send me your username and password if you want to unlock it. It's fairly common. You'll get your credit score as well.
Such a helpful employee!
User: DaftPensioner Pass: GoRockettes1964!
There are actually more than 3 providers and you should put a freeze on everything you can. You only need unfrozen credit for applying for new lines of credit (loans, credit cards, etc), and unfreezing is a quick process (15 minutes or so).
Here’s a pretty comprehensive guide for protecting yourself: https://old.reddit.com/r/IdentityTheft/comments/uvv3ij/psa_freezing_your_three_main_credit_reports_is/
It’s better to take these steps before you get your identity stolen rather than after. These steps can prevent your leaked information from being used against you.
Seems like this post is two years old at this point. Is it still valid?
Even if some of the information is outdated, although I believe it’s all still valid, the main points / TL;DR are absolutely relevant. It’s unlikely that the main bureaus will change, and although the exact steps for freezing may change over time, the emphasis on freezing is important.
load more comments
(1 replies)
load more comments
(1 replies)
And again they will fail to punish the company responsible for protecting this data for their criminal neglience.
Because that might damage shareholder value
It really should. The shareholders did profit from not investing in security until the incident. Let them suffer.
"Please enter your full name, address and SSN to check if you were exposed!"
Who TF is "National Public Data?"
A company not dumb enough to store anything in the EU, that's who. They'd be in real trouble now! Phew.
load more comments
(1 replies)
How did this company leak 2.9 billion people's info, including SSNs, when the population of the US is only ~350M?
Is "National Public Data" collecting info on everyone internationally? So many questions...
load more comments
(3 replies)