The Social Security Administration puts millions of Americans at risk for identity theft by putting their full Social Security Numbers on letters sent in the mail.
The agency’s inspector general released an audit this week warning the government that by sending hundreds of millions of letters containing individual’s Social Security Numbers it puts them at risk for identity theft.
"According to [the Social Security Administration] SSA, in 2015, it mailed about 233 million notices that included individuals’ full SSN," the inspector general said. "We recognize SSA’s efforts can never eliminate the potential that dishonest individuals may inappropriately acquire and misuse SSNs. However, our audit and investigative work have shown that the more SSNs are unnecessarily used, the higher the probability that they could be used inappropriately."
"The security of beneficiaries’ [Personally Identifiable Information] PII should be foremost, and as a Federal agency and public servant, we believe SSA should be in the forefront of establishing policy and practice by limiting SSN use and disclosure," the audit said.
Sixty-six percent of the 352 million notices the agency sent out last year contained Americans’ full Social Security Numbers, and the government said it has no idea how many never made it to the correct address.
"While it is unknown how many of the intended addressees received these notices, our audit work has shown that the addresses in SSA’s records can be inaccurate," the inspector general said.
"We asked SSA whether it maintained any estimates on the number of mailings that were returned as undeliverable. SSA stated that it did not have any Agency-level number on undeliverable mail," they said. "SSA could not provide us an estimate of the number of notices with SSNs it mails annually that do not reach the intended recipients and are not returned to SSA."
The inspector general warned that notices sent to the wrong address can increase identify theft, as it can give strangers access to vital personal information. "Notices intercepted by unintended recipients could provide SSA beneficiaries’ names, addresses, and SSNs to individuals other than the numberholders," they said.
Auditors said they do not currently have documented proof of identity theft that has occurred as a result of agency letters going to the wrong address, though the agency acknowledged "there is a risk of identity theft anytime it sends correspondence that contains PII."
The inspector general said identity theft is "one of the fastest-growing crimes" in the country."
"With a stolen SSN, identity thieves can commit any number of financial crimes in the victim’s name or steal money from the victim," the audit said. "If the victim is a senior citizen, the thief could even target their Social Security benefits."
"SSA acknowledges that identity thieves may obtain another’s personal information by stealing their mail or rummaging through their trash," the inspector general concluded. "It is, therefore, troubling that SSA continues including the full SSN on the majority of its mailings."