For my friends and colleagues who live in Loudoun County, the water utility – Loudoun Water – recently sent a letter asking for ratepayers to register for access to their new online portal with their account number and social security number.
Only governments you pay taxes to, employers you earn money from and certain financial institutions have the right to obtain your full Social Security Number. I’ve checked this with several legal experts and they confirm it. Some service providers who want to quickly check your credit may ask for it, but they can find other ways without putting your number at risk.
This is good to remember because as we are discovering, even the U.S. government is hackable, as are retailers and health insurance providers, to name just a few.
Because my husband and I had our personal information hacked through Anthem Blue Cross Blue Shield – so far with no financial consequences – we’re extra sensitive to what information we must supply. And we hope you are too.
FYI, one of The Best cyber security experts my husband and I have met is Loudoun County's own Morgan Wright, who runs his own security business. Morgan is among those who affirm the absence of ANY need to provide one's social security number to anybody but those I outlined above.
Morgan recommends holding off even providing the last four digits -- as Loudoun Water's web site asks for -- because a proficient hacker with a powerful computer program can determine the first three digits if he/she can find out where you were born. Yep, the state you were born in might give that away, Morgan says. So, if you've surrendered the last four digits, that leaves only the middle two digits for hackers to guess at. And that wouldn't take long for a program to run through all the possibilities.
If you’ve already provided the last four digits to Loudoun Water when, for example when you signed up for service, they probably already have it in their system. But even the re-entry of that information could heighten the risk with the LWConnect site, especially since it’s previously-planned launch was complicated by software integration problems.
Morgan recommends asking these five questions of anybody who asks for your personal information:
- Why do they need it?
- How will it be used?
- What is the state or federal law that requires me to provide it?
- What happens if I refuse?
- How will you protect my information?
So make one of your New Year's resolutions to protect your social security number, and all other personal data for that matter, every way you can.