As someone who’s knows some stuff about computers, shouldn’t the SSN be encrypted just like a password? Just like a password is never stored in plaintext, shouldn’t something similar be applicable for SSN when being stored? If so, when a data breach occurs, the SSN should not be available right?
In: 0
Social security numbers have already been breached several times through various outlets. Never use a social security number for validation or security.
The problem is that they must be transmitted as text, unlike passwords, you can’t just use the hash of a ssn to provide it’s the right ssn
As such, the whole SSN could be retrieved if a malicious user had access to the raw database and whatever tools were used to read it
At some level somebody has to have access to the key to decrypt the SSN. If you can get access to the key, you can get access to the data. If somebody breaches your entire system they’ll have access to all the keys and the data.
Sometimes even if an attacker doesn’t have the keys, the encryption is so poor that an attacker can break it (happens more than you think).
And sometimes eventhough you think an organization would have your data encrypted, they don’t. This is why you need to be careful about who you give your data to.
Latest Answers