
"Even the ones who do have their identities stolen will likely be made whole by the credit card companies."

Fraudulent charges on a credit card are the least of my concerns. This opens us up to a lifetime of identity theft and insecure accounts of every sort. I'm not even sure how they can approach remedying the problem. Coordinate with the SSA to get 150 million people new SSNs at the least.




This is really the concern. With this level of detail, someone can open any kind of new account - not just credit card - dig into everyone's lives (or political opponents on social media for doxxing). And the threat remains in perpetuity.

There is no way to even estimate the damage as some devious ways of it harming us may not even exist yet.


> There is no way to even estimate the damage as some devious ways of it harming us may not even exist yet.

Scifi story idea:

Far future. Life extension possible. The government will provide it free (if you want it) - one time only though - when you are near the end of your first life. Upon extension, this technology also turns the clock back to renew you to 20 years old.

You're 78 years old, frail, ready to kick it, but decide to do the extension. You go into the clinic. Give them your information, etc.

Bzzt.

We're sorry, you've already been rejuvenated before. We can't help you, unless you want to pay $$$$$$ for us to go ahead with the procedure.

lolwhut

yep.


Why would people need new SSNs? It was the credit industry that misused them as a combination of unique identifier and authenticator, and that is not the SSA's responsibility to fix. The government even tried to curb misuse of the SSN, but it was not binding on private entities, and they just ignored it.

The solution, whatever it is, does not include anyone continuing to pretend that the SSN is now or has ever been suitable for any purposes other than for tracking government benefits managed by the SSA, and possibly also for tax filings with the IRS.


> other than for tracking government benefits managed by the SSA, and possibly also for tax filings with the IRS

... and all of the other government benefits, programs, or mandated activities, many (all?) of which demand your SSN. Are you even sure that the credit industry, i.e. banks, originally misused SSNs? I wouldn't be surprised if they were required, by the government, to use them, precisely because it is the closest thing to an official "unique identifier".

Some people also might be concerned with not receiving their SS benefits either, which isn't entirely far-fetched given that others might now be using it for nefarious purposes (like trying to collect their SS benefits).


> I wouldn't be surprised if they were required, by the government, to use them, precisely because it is the closest thing to an official "unique identifier".

I read something somewhere else (maybe on a different HN thread, maybe here?) that this was changed in 2000 for something called "red flag laws", IIRC.

So yeah - it is required.


You're absolutely correct. We should move to a well-designed identity system. However, I'd SWAG the development and deployment of such a system around 10-15 years if all of the involved parties were on-board. Equifax could provide the SSA a pile of money and the victims could have a reasonably effective defense against identity theft within months.


Wouldn't it be simpler to make an SSN last only five years? It's a partial workaround, but would immediately help by reducing the attack opportunity time massively, along with making it standard to have variable SSNs through the system and making it easier for people to just renew theirs after breaches like this, since the current bar for obtaining a new one is quite high.


Honestly, this is only really an issue because organizations are using the SSN as authentication and not just as identification, caused probably by the lack of a federal ID scheme, compounded by the inability to easily change the SSN itself as you would with an ID document (which is why here IDs are relatively short-lived and we can get away with SSN equivalents that are for life).


Bingo. In Sweden, as an example, our birth date plus 4 unique digits is your nationwide ID/SSN. So obviously your SSN is not exactly a secret, and instead you also have to prove that you are you with a photo ID or online 2FA ID.

There's no such thing as losing your SSN because it is already public.



