Hackers may have leaked the Social Security Numbers of every American

Original Article ↗ Hacker News Discussion ↗

Corporate ownership and data-broker questions

  • Commenters find it suspicious that “National Public Data” is a subsidiary of a film/TV production company (Jerico Pictures), questioning what business model connects media production and mass personal data brokerage.
  • Some argue it may be just a holding structure; others think there’s “more than meets the eye.”

SSNs: identifier vs. authenticator

  • Broad agreement that SSNs were never designed to be an authentication secret but are treated as one.
  • Many see SSNs as useful unique identifiers but inappropriate as proof of identity.
  • Several argue that once all SSNs are effectively public, using them as an authenticator becomes impossible (which some consider a good forcing function).

Pervasive leaks and “already compromised” mindset

  • Many assume all SSNs were effectively leaked long ago via breaches at DMVs, credit bureaus, federal agencies, employers, schools, etc.
  • Some say they “don’t care” anymore and behave as if their SSN is fully public.

Responsibility, liability, and “identity theft” framing

  • Strong sentiment that current regimes externalize fraud costs onto individuals via the “identity theft” narrative, instead of treating banks and lenders as primary victims of their own lax verification.
  • Disagreement on how burdens of proof work in practice: some say banks effectively make you prove you didn’t take the loan; others say it’s an adversarial but conventional legal process.

Regulation and punishment proposals

  • Calls for new laws imposing personal criminal liability on executives (not just CISOs) for negligent data retention and bulk-extraction vulnerabilities, plus heavy financial penalties.
  • Skepticism this would work in practice due to shell companies and perverse incentives.
  • Others argue the real problem is lack of economic incentives to secure data, not impossibility.

Replacement identity systems and national ID debate

  • Suggestions: cryptographic ID systems (public identifier + private secret), PKI-based schemes, or government-issued chip-based cards similar to many European systems.
  • Counterpoints: identity is more than credentials; keys can be lost; strong root-of-trust systems can also be abused for surveillance.
  • US attempts at better IDs face political resistance (fears of government tracking, “mark of the beast” rhetoric), despite de facto national identification via SSNs and Real ID.

Practical user defenses

  • Common advice: freeze credit with major bureaus (and sometimes ChexSystems) and use IRS tax filing PINs.
  • Frustrations with credit monitoring as a default “remedy” and with bureaucratic friction around freezes/unfreezes.

Anecdotes illustrating misuse of SSNs

  • Past widespread use of SSNs as student IDs, printed on transcripts and grade sheets, and as driver’s license numbers.
  • Ongoing practices where businesses demand copies of driver’s licenses and other ID documents, potentially adding more attack surface.