The Identity Theft Resource Center just issued its 2017 Breach Year-End-Review.
There are a ton of numbers in the report, like the fact there were a record number of reported breeches impacting American businesses.
However, there is also something else that really stands out.
The Social Security Number should probably be thrown out as a way to authenticate anything.
The report says: "While the debate regarding the use of the Social Security Number as an authenticator continues, it must be called out that with multiple exposures of millions of SSNs they should no longer serve as a primary authenticator."
Where have we heard this before? From Stanford CISO Michael Duff before he gave the keynote at SecureWorld Bay Area:
The Identity Theft Resource Center says that during 2017, there were 830 data breach incidents involving Social Security Numbers, representing more than half of the total reported number of breaches.
As a result of these breaches, it says almost 158 million SSNs were exposed.
Most but not all of those Social Security Numbers were linked to the Equifax megabreach, which lead to a complete meltdown on social media and this day-by-day account of what happened from the former CEO of Equifax.