PROBANAL: CIN or SSN?

2015-Feb-10

http://www.wired.com/2015/02/breach-health-insurer-exposes-sensitive-data-millions-patients/

Health Insurer Anthem Is Hacked, Exposing Millions of Patients’ Data
BY KIM ZETTER   02.05.15  |   8:28 AM  

*** begin quote ***

“Safeguarding your personal, financial and medical information is one of our top priorities,” the company said in a statement posted online, “and because of that, we have state-of-the-art information security systems to protect your data.”

It seems that state-of-the-art security system didn’t involve encrypting Social Security numbers and birth dates—two pieces of information that are highly valuable to identity thieves.

The company said it would provide credit monitoring and identity protection services free of charge to those who were affected. Anthem discovered the breach last week and is still investigating the number of people whose data was accessed, but a spokeswoman told USA Today that she believes it numbers in the “tens of millions.”

*** end quote ***

Bet the coverage is only for a year.

And, isn’t there a disconnect between what they say and what they do?

We know that SSN is a disaster, and it was never “sold to the people” as an identification number.

But it has become one de facto.

So how do we analyze this “problem”?

Simple: don’t use SSN in corporate systems as an individual’s identifier. Create your own Customer Identification Number (CIN).

Seems simple enough.

Should a cross reference be required, keep that safe and tightly controlled.
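One way to lay out the CIN and its controlled cross reference, as an added example that is not from the original post or any company's system. The `CrossReference` class, `new_cin`, and the keyed-HMAC lookup are assumptions for illustration; it covers matching an SSN to its CIN only, so recovering an SSN from a CIN would need a separate encrypted store.

```python
import hashlib
import hmac
import secrets


def new_cin() -> str:
    """Random customer identifier; carries no information about the SSN."""
    return "CIN-" + secrets.token_hex(8).upper()


class CrossReference:
    """SSN -> CIN lookup that never stores the SSN itself (hypothetical design).

    SSNs have only about 10^9 possible values, so an unkeyed hash could be
    brute-forced; a keyed HMAC tag is useless to anyone without the key.
    """

    def __init__(self, key: bytes):
        self._key = key    # assumption: kept in a KMS/HSM, not beside the data
        self._index = {}   # HMAC tag -> CIN

    def _tag(self, ssn: str) -> str:
        digits = "".join(ch for ch in ssn if ch.isdigit())
        if len(digits) != 9:
            raise ValueError("expected a 9-digit SSN")
        return hmac.new(self._key, digits.encode(), hashlib.sha256).hexdigest()

    def enroll(self, ssn: str) -> str:
        """Return the existing CIN for this SSN, or mint a new one."""
        tag = self._tag(ssn)
        if tag not in self._index:
            self._index[tag] = new_cin()
        return self._index[tag]

    def lookup(self, ssn: str):
        """Return the CIN for this SSN, or None if it was never enrolled."""
        return self._index.get(self._tag(ssn))

    def stored_values(self):
        """Everything the cross reference persists: (tag, CIN) pairs."""
        return list(self._index.items())


SAMPLE_SSN = "000-12-3456"  # constructed sample; area number 000 is never issued

xref = CrossReference(secrets.token_bytes(32))
cin = xref.enroll(SAMPLE_SSN)
# Business systems key every record on the CIN and hold no SSN column.
customers = {cin: {"name": "Pat Example", "plan": "PPO"}}
```

A dump of `customers` exposes no SSN, and a dump of the cross reference exposes only tags that cannot be reversed without the key.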

But what do I know? I remember when corporate systems at AT&T didn’t use SSN.

Sigh!

— 30 —