Ask MetaFilter questions tagged with SSN

Crime victim (auto break-in) seeks advice (lost SSN, where to repair in SV)

Rash — Sun, 20 Sep 2009 16:03:37 -0800

Victim of auto break-in in Silicon Valley seeks advice about a) compromise of my SSN (Social Security Number) and b) reputable, affordable and speedy window-glass replacement for an old Toyota. A thief just stole my briefcase, getting no laptop (hah!) but only a bunch of paperwork for my classes (I'm a teacher).

a) Among that paperwork are timesheets with my SSN plainly labeled at the top. Should I be worried? What can/should I do about this besides checking my credit report ASAP (ie every four months?

b) 1991 Tercel; I have a trusted local mechanic but they don't do windows. Do I just bend over and submit to the dealer for a vehicle of this vintage, as any local shop will just be ordering the glass from them anyway? Or maybe you know a good place -- I'm in Sunnyvale. Thanks!

PS: Maybe I should just get the window myself, via car-part.com. I do have experience, but not on a Toyota - that was putting one-piece windows into an old VW beetle and I don't have any special Toyota tools.

One year of protection, hey thanks!

Precision — Thu, 19 Feb 2009 18:11:39 -0800

I applied for a scholarship in October, got my rejection in December. Now I get a letter telling me that my "name and social security number was inadvertently exposed to third parties." Can I sue? Here's the contents of the letter, with the organization's name x'd out:

We are writing to inform you that we recently discovered that you are among a group of individuals whose personally identifiable information, such as name and social security number, were inadvertently exposed to third parties. We regret this incident and have no reason to believe that your personal information has or will be shared with others; nonetheless, as a precaution, we are notifying you of this situation.

In this particular instance, your name and social security number were on a document that was inadvertently attached to an email transmitted to several non-commercial third-party recipients.

When this was discovered, the xxxxxxx Scholarship Program, LLC took immediate action to notify the recipients to destroy the document.

Recognizing the seriousness of this incident and the concern we share for the personal security of our applicants, we have made arrangements to provide you with *a free year of identity protection* (their emphasis) with TrustedID. TrustedID will help you proactively protect your identity by placing fraud flags on your credit reports, which will ensure that no new credit is opened in your name without your consent, and provide you with a copy of your free annual credit report. The TrustedID service is backed by a $1,000,000 limited service warranty, so in the unlikely even that anything may happen, you are covered.

Sincerely,

And yes, I do understand that "nothing is likely to happen" and such. And that only non-profit organizations received them. But, you know, actual people work at non-profits, too. People are far from perfect. Anyone who actually still has these names/numbers could easily call the organization asking about the leak (it lists a number to call with any questions, it's merely the organizations public phone number) and figure out "I just have to wait a year."

One year of protection is a nice gesture, but I don't believe it should be enough for them to waive liability after that. I've yet to sign up for it, so I haven't accepted their offer or any implicit agreement therein. I'm eighteen years old. I have a life to live, and they opened the identity theft crack just a little bit more.

I live in Arizona, the identity theft capital of the world, if that's relevant. Thanks!

Legit landlord or identity thief?

Asymptote — Thu, 15 Jan 2009 08:33:11 -0800

What personal info does my future landlord need from me to make sure I'm legit? How do I make sure he's legit? This is my first time renting an apartment. Before I sign the lease, the landlord wants (among other info) my social security number and a copy of my driver's license. He says he wants these to run my credit history and do a background check on me. Because my parents will be cosigners on the lease, he wants the same information from them.

Is this reasonable? Or am I just setting myself up for identity theft?

Furthermore, how should I go about checking him out? Is getting his background check and credit history a good idea?

Background:
The landlord lives in NY and the apartment is in CT. I have not yet met him in person, but we've talked over the phone. I've seen the apartment and met with the current residents, who say the landlord is great. I've done some preliminary web searches to check up on him, and he's almost certainly who he says he is.

how do i find out my lost social security number?

compound eye — Sun, 07 Dec 2008 19:23:11 -0800

I've lost my social security number. I'm not american, but i lived there once and had an ssn. I'm in australia, not in the united states, so i can't walk to a social security office and show them my id. How can I find out my what my number was? My social security card was stolen many years ago by a housemate's boyfriend, who for reasons know only to him, also stole my socks and my toothbrush. Not long after than I lost pretty much everything I owned while I was out of the country, so all my records from that time are gone.
(it was a bad year for property retention i guess)
I now need to know the number and given that the nearest social security office is in the us embassy in The Philippines I was wondering if there is an easier way than dealing with a busy office in another time zone. I tried one online service that claimed to be free but then wanted wanted credit card dollars to register.

any suggestions?

thanks for your help

Why aren't lenders held partially responsible for identify theft?

Benevolent Space Robot — Wed, 30 Jul 2008 14:38:47 -0800

Why aren't lenders held partially responsible for identify theft? A SSN is such an arbitrary (and easily stolen) method of establishing identity, it seems criminal that more care isn't required, or a higher standard of proof. Does this rise to the level of criminal negligence, considering they seem to be too easily opening the door to this crime?

Clearly, the responsibility ultimately lies with the person stealing the identity. But lenders have established a system that makes it pretty easy to play around with my credit, if someone was so inclined. Have they ever been sued?

Am I being overly zealous about "proper SSL implementation?"

aydeejones — Mon, 30 Jun 2008 08:49:43 -0800

Am I being overly zealous about "proper SSL implementation?" We've been working with this new collections agency for a few months now. From the very beginning, I noticed that their PHP-driven website was not secured with SSL so I refused to use it and would instead manually encrypt data (256-bit AES) and submit it to them via email. My security concerns caused me to question the entire outfit, but I was informed about how reputable the company is, and how much better they would be than our current agency, etc.

They have a "Place Accounts" page on their website where you are expected to fill out a full-blown help-us-skip-trace form (including social security numbers) which was not secured. You also have the option of uploading CSV files. In either event, the page was not secured.

I asked them to implement SSL (and secure FTP, if possible). A month later, you go to their "Place Accounts" page and are told by IE "this page contains secure and non secure items..." The page itself was an https resource, but the "action" property of the form redirected to a non-secure URL, meaning that when you filled out the form (or uploaded the file) the transaction was not encrypted (correct?).

So I complained about this, and they changed the "action" property of the form to redirect to a secure resource, but then changed the way they link to the "Place Accounts" page, so that their "Place Accounts" page was once again a standard http resource, eliminating the "secure and non-secure items" warning from IE but giving the user no visual cue (no padlock icon, or https) that the site is secure.

I complained again; a month later we're back to an https "Place Accounts" page, the "action" property of the form is secure, but the page still contains "secure and non-secure items," which causes a warning, does not present a padlock icon, and therefore requires a careful user to scrutinize the source to truly know that the page is "secure enough." Sure, it's probably usable at this point, but this is sort of like dealing with terms and conditions that can change at any time; if I can't just glance and see a padlock, how do I know, each and every time I use the page, that it hasn't been tweaked and broken again?

At this point I feel I should inform them that their web administrator / developer is incompetent. Am I being overzealous? How should I approach this? I've been working with their IT manager who I'd expect should be able to communicate with the web team, but do I need to grab the bull by the horns and talk to these guys directly? Should it really be this complicated? Why not just secure the entire site and use SSL everywhere to eliminate all doubt?

I've explained what I'm looking for many times (the entire "Place Accounts" page should be secured in order to present the padlock icon and no warnings) and it seems they take an entire month to make a change and get back to me, and it's a different, less-than-ideal result each time.

I'm also curious about your general attitudes towards encryption of data in transit. I deal with HIPAA a lot, which contains "addressable" requirements for encryption. I am often told by different folks that my approach to security is paranoid; "nobody's going to intercept that file! That'd be too hard!" In the case of email there are plenty of ways to breach security without intercepting individual packets (i.e. guessing a webmail password), whereas in an HTTPS situation, there isn't a cheesy Yahoo account on the other end, and you're more specifically concerned about interception in transit.

This isn't the first business I've encountered that deals with confidential information yet can't seem to properly implement SSL. Back me up here or tell me how you see it. I don't want this to become chatfilter, but I need your help in calibrating my security perspective.

Help me help him look for a job

Jaie — Thu, 02 Nov 2006 10:37:44 -0800

Social security numbers on job applications. I have a library user who is applying for hourly-level jobs at places that only accept online applications. A surprising number of the application sites ask for a social security number, and are set up so that unless you put nine digits in the SSN field you can't proceed to the rest of the application. This library user wants to play by the rules but is, naturally, reluctant to give out this information. All the job sites (Monster.com included) say you should never provide your SSN until you are in the final stages of being hired. It's my understanding that a company cannot require an SSN of an applicant (although I could be wrong about that), but in this case there's no way to get around giving them one. No matter how much I Google, I can't find any advice about what to do when you have to put in a number to get to the rest of the form. So I have come to the ultimate source of advice, Ask MeFi.

If we enter a string of random numbers, is it going to knock his application out of consideration? How will the company react if/when he is hired and has to give his actual number? These are entry-level positions like stocker or parking lot attendant, if it matters.

Social Insecurity Phone Number

DragonBoy — Tue, 01 Aug 2006 11:51:01 -0800

Yesterday I spent two hours in line at the Social Security Office to get a new card for my son. Considering how long the wait was I can't believe the rules they had for waiting in line. Please help me understand the rational for not allowing people to use their mobile phones. The SSA guard on duty was also very active about enforcing the "No Cellular Phones" rule. I got told off for sending text messages and playing games on my phone. Other people were threatened with losing their place in line because they were making calls. No one was loud enough to bother others and really, the guard's enforcement of the rule made standing in line all the more miserable. Is this a violation of my rights to free speech? Can the SSA ban cell phones in their offices?

I have to go back to the SSA in a couple of weeks to update my card and before I do I'd like to know all the facts so I can be prepared for the overzealous guard.

Credit Card without an SSN

blue_beetle — Tue, 11 Oct 2005 12:20:23 -0800

I want a US credit card. I don't have a SSN. New US (temporary) Resident, no SSN (applied for, but waiting). I want a credit card now. How? Who? Where?

Keeping my SSN private

jessamyn — Mon, 04 Jul 2005 14:15:47 -0800

I have a new health care provider via a state-sponsored program. They use my social security number as my ID number. What is the most effective way to fight this? It is on the health care ID card I am pretty much required to carry. I have to write it on the checks I use to pay my premiums. It's on every bill and statement I get. I would prefer to not use my SSN as an identifying number, not so much that I will forego health care, but enough that I be willing to try fairly hard to get them to change their mind. I'm not against giving them my SSN, I know why that is important, I just don't want to have to carry it in my wallet or write it on my checks. It seems that in this day and age requiring people to do that is a bad idea though not, as many people have told me now, illegal. Here is what I have done so far.

- I called my provider and asked them for an alternative number, and they said no. This has worked in the past with all of my other health care providers, including state insurance in other states. I asked to speak to a manager there and was told my request would be sent to a manager who would get back to me if there was anything they could do.
- I contacted the state heath care agency who gave me two weeks' worth of back and forth before saying "It's policy to use it, we need to have it to ID you" which I think was missing the point I was trying to make, but follow-up emails were not returned.
- I contacted the state health care omsbudsman who said if I had a religious objection, I could get an alternate number. I do not have a religious objection and am somewhat opposed to claiming I have one. However, this implies that there is a mechanism for providing alternate numbers.

So, I'm wavering between contacting one of my elected officials by phone [state senator or maybe Congressmen], trying to arrange a meeting with an administrator at the health care agency, or going the letter to the editor route. I'm tenacious, but I'd like to work towards results, not just idle fist-shaking.

I was wondering if anyone has experience fighting the use of their SSN in similar ways and what worked for you -- both resource-wise and who-to-contact-wise -- and what was lesss useful.

Savings Bond with Anglicized Name and Giver's SSN and Address -- Can I Still Redeem?

greatgefilte — Sun, 19 Dec 2004 21:19:24 -0800

Incorrect information on US Savings Bonds... Some bonds that were given to me years ago are coming of age, and horror of horrors, there's one that's got just about every piece of information wrong. The last name has been Anglicized, the social security number is the giver's, and the address under my name is the giver's as well (I suspect this came from a well-meaning relative who used a not-too-perceptive messenger to actually get the bond).

Will it be a big hassle to redeem this bond when the time comes? I'm told that if it's just a name or a SS number that's incorrect, it's usually not a problem, but this seems like the next level.