Want someone else's Social Security number? It's $35 at www.secretinfo.com. It's $45 at www.iinfosearch.com, where users can also sign up...

Share story

Want someone else’s Social Security number?

It’s $35 at www.secretinfo.com. It’s $45 at www.iinfosearch.com, where users can also sign up for a report containing an individual’s credit-card charges, as well as an e-mail with other “tips, secrets & spy info!” The Web site Gum-shoes.com promises “if the information is out there, our licensed investigators can find it.”

Although Social Security numbers are one of the most powerful pieces of personal information an identity thief can possess, they remain widely available and inexpensive despite public outcry and the threat of a congressional crackdown after breaches at large information brokers.

Brokers such as ChoicePoint and LexisNexis have pledged to restrict the availability of such data after personal information on about 445,000 people was purloined from the two firms by identity thieves posing as legitimate businessmen.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

And about 180,000 GM-branded credit-card holders may be affected by data apparently stolen from retailer Polo Ralph Lauren.

So far, neither those moves nor revelations of breaches at major banks and universities has curbed a multitiered and sometimes shadowy marketplace of selling and reselling personal data to similar fraud.

Keeping Social Security numbers safe

Don’t carry any document with the number in your wallet or purse. In addition to leaving your Social Security card at home, make sure health-insurance cards or other documents don’t have the number on them.

If your driver’s license number is your Social Security number, ask your motor-vehicle department to change it. Don’t print the number on your checks.

If any of your financial-service or insurance providers print your Social Security number on statements or checks that move through the mail, call and ask them to stop.

Adopt policy of not disclosing your number without requesting an explanation of why disclosure is necessary and will benefit you. Businesses cannot require it, but they can refuse to provide you service if you do not provide it.

If your number is both an account number and a password for any service, change one or both of them yourself or request the service provider allow you to do so. Do not use your Social Security number as a PIN.

The Washington Post

A simple Internet search yields more than a dozen Web sites offering an array of personal data.

Some are run by small-data brokers and other resellers. Others are run by private investigators, many of whom have complained that recently announced restrictions on the availability of Social Security numbers would hurt their ability to assist law-enforcement, track down deadbeat dads or locate witnesses.

Yet with only scant checks to verify whether someone requesting data is legitimate, several sites sell full Social Security numbers, potentially contributing to an epidemic of identity theft or fraud that touched about 10 million Americans in the past year.

No law prohibits the sale of Social Security numbers, but privacy experts and some government agencies have warned for years that the number is overused and underprotected.

Inaugurated in 1936, the nine-digit number was intended to match citizens to the retirement money they would receive. Over time, it became essential for getting or verifying credit and for doing employment background checks. It became so deeply linked to personal data throughout the economy that it became a de-facto national identifier.

“For identity thieves, it’s their magic key … that gets into every door,” said Daniel Solove, a George Washington University professor who specializes in privacy law.

Getting a number can make it possible for criminals to gain access to bank or credit-card accounts, establish credit to make purchases, or find someone they wish to harm.

Nonetheless, some insurance companies still use the Social Security number as an individual’s account number, printing it on identification cards, leaving people vulnerable if wallets are stolen or lost.

Medical offices routinely request Social Security numbers, often when initial appointments are made, and many universities use it as a student-identification number.

According to a recent study commissioned by Unisys, a technology-consulting company, about half of large financial institutions use Social Security numbers to verify the identities of customers who call in for services.

Some even use it to identify customers as part of the log-in process when they want to access accounts via the Internet.

So vital are Social Security numbers in this sea of information that ChoicePoint warned investors in a recent Securities and Exchange Commission filing that its business could suffer if the rules on distribution of Social Security numbers were tightened.

The mass breaches at ChoicePoint and LexisNexis forced the companies to be proactive.

Executives of both firms told Congress last month that for many of their non-law-enforcement clients, Social Security numbers would be truncated so that only five digits would appear on reports.

And Polo Ralph Lauren has said that it has taken steps to make its credit-card system secure.

But plenty of sources of the information still exist. Using an intermediary, The Washington Post was able to obtain the full Social Security number of a reporter within 24 hours from two of three online providers the intermediary contacted.

Not all of the providers advertise Social Security numbers. Those that do promise to verify the buyer have a legitimate reason to seek the number, such as to complete tax forms of an employee or to find someone involved in a court action.

The intermediary, a security consultant who helped the Federal Trade Commission identify illegal data sales in 1999, told the providers he needed the number for tax purposes. Two providers accepted that reason without question or requests for documentation. A third refused to provide Social Security numbers.

Robert Douglas, the intermediary, operates the consulting firm PrivacyToday.com. Douglas, who decided on the method to acquire the numbers, said he used the pretext of tax preparation because that would be a common trick used by an identity thief at this time of year.

Michael Leighton, a North Carolina private investigator who operates SecretInfo.Com, acknowledged he did not request further documentation from Douglas.

The other site that provided the reporter’s number, USRecordsearch.com, does not advertise it sells the numbers. But with the same explanation for why he wanted the data, Douglas received the reporter’s full number.

A principal of the Florida-based company did not respond to messages seeking comment.

Under a law that took effect in 2001, nonpublic data from financial records cannot be sold or transferred without giving individuals a chance to opt out. There are several exceptions, however, including employment checks, tax filing or financial-transaction processing.

But the system relies on the honesty of the person seeking data and the diligence of the person selling it.

“Until Congress understands about the resale market here, they are not going be able to get a handle on this problem,” Douglas said.

Bruce Hulme, chairman of the legislative committee of the National Council of Investigation & Security Services, the largest investigators’ trade group, said he could not condone investigators who make a side business out of indiscriminately selling data.

“They should pull those Web sites down,” he said. “They better know the client.”

Still, Hulme said private investigators have generally proved to be more careful than information brokers with private data. His organization is beginning to lobby to ensure that new laws don’t cut off private investigators’ access to data they say they need.

Several members of Congress are sponsoring new legislation, including bills that would ban the sale of Social Security numbers without individuals’ permission and to require businesses to tell customers when private data is taken.

ChoicePoint and LexisNexis say they are “re-credentialing” all nongovernment clients. At ChoicePoint, those who use the Internet to request information were greeted with a pop-up notice indicating privileges might be restored after the certification process was complete.

A ChoicePoint spokeswoman said the company plans to give full access only to government or law-enforcement agencies, banks and insurance companies. She declined to say how many of its customers, including private investigators, would end up with restricted access.

Material from The Associated Press was included in this report.