Scammers would love to get their hands on your Social Security number (SSN), which they can combine with other personal details they’ve obtained about you to open credit accounts, collect unemployment insurance, circumvent your benefits, commit crimes and unleash a whole lot of misery in your name.
The most recent concern comes from a class action lawsuit filed against a private company based in Coral Springs, Florida, that provides background checks. Its name is National Public Data, and the federal lawsuit filed Aug. 1 alleges that the company’s database of about 2.9 billion records, complete with Social Security numbers, has been breached and is for sale on the dark web for $3.5 million.
Join AARP for just $9 per year with a 5-year membership and get a FREE Gift!
Before you panic, realize that fewer than 500 million Social Security numbers have been issued since the start of the program in 1936, and they’re never duplicated. So worries about 2.9 billion separate Social Security numbers in scammers’ hands isn’t real.
But worries about identity theft are why the Social Security Administration and privacy and security experts issue stern warnings about keeping not only Social Security numbers under wraps except when necessary but also the W-2s, 1099s and other documents they may appear on. Similar precautions apply to your driver’s license, insurance and medical IDs, and other information that in the wrong hands can bleed your finances and wreak havoc.
Some people and organizations have a valid reason to receive such documents, including a new employer, your accountant, a bank, a landlord or a school. Even then, though, proceed with caution. Resist surrendering the information to practically everyone else, no matter how innocent their request seems.
Be extremely wary of providing your Social Security number to someone who has called you. You should verify the identity of the person you are speaking with if you didn’t reach out directly.
Just don’t do so by calling back a provided phone number or clicking on a text link. Moreover, unless the answer is obvious — for example, the request is coming from the accountant you’ve been using for years to prepare your tax returns — ask would-be recipients why they want the information in the first place and how they intend to secure it. Also ask what will happen if you decline to give out the information.
“Some businesses continue to use Social Security numbers as a means of authenticating customers or simply as a practice they just never let go of,” says Kathy Stokes, AARP’s director of fraud prevention programs and also head of the AARP Fraud Watch Network. “Consider pushing back and asking if there’s an alternative.”
ARTICLE CONTINUES AFTER ADVERTISEMENT
If you’re satisfied that the stranger you are dealing with is who they say they are and has a legitimate need for the information, the next step is to figure out how to safely provide your number to them. It’s often inconvenient to hand-deliver financial, tax or employment records, especially if you’re in a different city.
Health & Wellness Dental insurance plans for members and their families See more Health & Wellness offers >If documentation isn’t required and you just need to share an ID number or some other details, you can provide the information over the phone. Again, do so only if you know the person is legitimate and trustworthy.
Short of relying on an overnight courier or the postal service, your alternatives involve technology. But absent proper safeguards, digital transmissions carry their own set of security risks.
First, what not to do: It may seem like the fastest and simplest option, but don’t ever include your Social Security number and other confidential information in the body of an email, an all-too-easy hack. For the same reason, avoid attaching scanned PDFs or other documents that include your Social Security number and other personally identifiable information. Don’t text the information or spill the beans via instant messages either, which are equally vulnerable.
The most popular everyday communications mediums are far from bulletproof. A scammer can sometimes deceive unsuspecting users into voluntarily giving up data through clever phishing attack schemes in which they’re masquerading as real financial entities or the IRS, using fake names and convincing corporate logos.
Even if your email or text is addressed to the correct recipient, it can be intercepted by the bad guys. Emails are sometimes compromised because people use the same easy-to-guess passwords across multiple accounts. Another security faux pas is to share private exchanges when you are connected to the internet over unsecured public Wi-Fi networks.
Video: 3 Ways to Keep Your Social Security Information SafeYou can send encrypted email if the company you are working with offers that option. Encrypted messages are scrambled behind industry-standard cryptographic algorithms and other secure methods.
Join AARP for just $9 per year with a 5-year membership and get a FREE Gift! Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP The Magazine.
ARTICLE CONTINUES AFTER ADVERTISEMENTBut while businesses may rely on encrypted email to keep snoops at bay, it isn’t typically a user-friendly option. Not only must the sender have the wherewithal to encrypt a message, but the recipient also needs the right digital key to unscramble it.
“That’s just not something most people are going to do,” says Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center in San Diego, which educates consumers on the risks of identity theft and offers free services to help victims recover.
Faxing sensitive documents isn’t much more secure than regular email unless you are 100 percent convinced that the only person who will pick up the document is the intended recipient, perhaps in a one- or two-person office.
“Otherwise, it’s like dropping them off on a desk,” where anyone can grab them, Velasquez says. Meanwhile, this may seem like a no-brainer, but if you do fax, double-check that you are using the correct phone number.
In most instances, the safest way to share your financial and health documents is by uploading them to a password-protected secure portal or cloud platform with credentials from your employer, bank or accountant. They can then download the docs and send them back to you for review or an electronic signatures when required.
“All the reputable places have them,” Velasquez says, adding that it is reasonable to ask a company about the measures it takes to protect the information in the portal. If they don’t have such a portal, consider doing business elsewhere.
No data system is impenetrable, as the many breaches that have been made public in recent years have shown, including the hacks of Ticketmaster data on 560 million customers, AT&T records on 73 million current and former account holders, 23andMe’s profiles on 6.9 million users, information on 612,000 Medicare beneficiaries and nearly 600,000 Roku customer records. But if you follow commonsense steps and take all the necessary precautions when sharing your Social Security number and other personal data, you’ll reduce your risk.
