Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bare Social Social Security Numbers

From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Mon, 27 Mar 2006 11:13:37 -0600
My *guess* would be no because this doesn't seem to be much different
than a list of nine-digit, pseudo-random numbers.  Choose the first
three digits based upon where you're located and then random digits for
the last six and you've got another list of a different group's SSNs.  A
lot, however, depends upon the context of the list location and the size
of the list.

- ken

Geoffrey S. Nathan wrote:


Quick poll (apologies for cross-posting..)

Suppose a file was stolen/accessed containing only social security
numbers with no names attached.  Would this constitute a security breach
necessitating notification of those whose numbers were compromised?
(Leaving aside the question of whether the theft/access itself is a
breach).

Geoff



--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
It's much more important to know what you don't know than what you do know!
Previous By Date Next
Previous By Thread Next

Current thread: