Top 5 Stories


The Undead are in the dark about Social Security data breaches

14 October 2011

The Social Security Administration (SSA) has failed to notify close to 32,000 people that their social security numbers were mistakenly disclosed on the SSA’s death master file, a public database that provides information on deceased US citizens as a death verification tool.

The SSA is not required by federal law to inform individuals who are mistakenly placed on the death master file that their names, dates of birth, and social security numbers have been publicly disclosed through the file. SSA officials estimate that 14,000 living individuals are mistakenly placed in the file every year, according to a report by the Scripps Howard News Service

The news service reviewed the death master file for the past three years and found 31,931 living US citizens classified as dead. John Jared, a retired University of Tennessee professor who was listed in the file, said that the reports of his death are greatly exaggerated.

"I certainly have never been warned about this. I totally object to that. That's just not supposed to be public information, especially not my social security number. This needs to be corrected”, Jared told the news service.

Reporters working for E.W. Scripps' newspapers and TV stations interviewed dozens of people who experienced data breaches as the result of what SSA’s termed "inadvertent keying errors" by federal workers when entering what was supposed to be information only about the dead.

None of those interviewed said that the agency warned them about the breach of their confidential information. Most said they only found out about the mistake when they experienced frozen bank accounts, canceled cellphones, declined credit-card applications, denied apartment leases, or refused loans, the report said.

As reported by Infosecurity in April of this year, the SSA’s Office of the Inspector General disclosed that living individuals were listed on the death master file, but did not reveal that SSA had failed to notify these people that their personal information was disclosed.

This article is featured in:
Compliance and Policy  •  Data Loss  •  Internet and Network Security  •  Public Sector


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×