Before we go to encryption, let's talk about all the SSN you put on paper you file for bank, government, employment. That's right. They are all in clear. Whatever you sent to your employer over email (rather than fax) are still in clear.
A lot of these attacks are trojan already breached the network and insider attacker. The latter is often due to infection (e.g. USB, browsing problematic website). Encrypting file, encrypting SSN field is not a full solution but is definitely a really good solution.
Tax and Identity Fraud are not anything new - but the way they are accomplished has changed significantly.
Sure you can physically intercept mail - but there is a huge difference in magnitude. I wager you could not in any practical way intercept millions (or even thousands) of paper records without being traced.
That's why these poorly protected digital records are such a gold mine.
What surprises me most is that the US doesn't seem to have the same law as here in Canada. Here, pretty much only the bank, government, or your employer can ask for your social as that's the law. Plus, they don't send it in the clear on-line. You'll get receipts either from a secure Web site or physically mailed to your address.
A lot of these attacks are trojan already breached the network and insider attacker. The latter is often due to infection (e.g. USB, browsing problematic website). Encrypting file, encrypting SSN field is not a full solution but is definitely a really good solution.