On Retirement

Someone tried to hack my Social Security account

Government website offers tips to protect personal data, but gaps may remain

Nov 6, 2017 @ 12:00 pm

By Mary Beth Franklin

Several InvestmentNews readers have asked me to weigh in on whether the recent Equifax data breach, which affected an estimated 143 million Americans, could compromise online Social Security accounts.

Equifax, one of the three major credit bureaus, announced in September that it had experienced a major data breach last summer involving Social Security numbers, birth dates, addresses and in some cases driver's licenses and credit card numbers, for about half of all American adults.

The pilfered information is the perfect recipe for committing identity fraud. In theory, hackers could use this sensitive personal information to set up an online Social Security account in your name, file for those benefits when you became eligible and direct the payments to a new address and bank account without your knowledge.

The bigger question is, can they use that same information to gain access to the millions of existing My Social Security accounts and possibly divert benefits?

While researching this question, I discovered a nasty surprise. Electronic access to my account was suspended after someone tried––unsuccessfully––to log into my account.

"We tried three times to match the information you provided with our records, but were unable to do so," the error message said. "The suspension will not affect any Social Security benefits you receive," the generic notice assured me.

WHAT NOW?

But I'm not receiving any Social Security benefits. I just want to make sure my online information is secure. What now?

The website directed me to contact SSA's toll-free number at 800-772-1213, but the help desk is only staffed Mondays through Fridays, not over the weekend when I discovered the possible security breach.

I sent an email asking about next steps. Although I have not yet received a response from SSA, I was able to access my account Monday morning without further incident. Perhaps the extra security measures I agreed to six months ago helped thwart an unauthorized hack.

Meanwhile, inquiring minds want to know if their online accounts are safe.

Without mentioning the Equifax breach directly, Jim Borland, acting deputy director for communications at the Social Security Administration, posted a blog on the agency's website in mid-September about "protecting your Social Security".

"A My Social Security account is your gateway to many of our online services," Mr. Borland wrote. "Create your account today and take away the risk of someone else trying to create one in your name, even if they obtain your Social Security number," he advised.

Anyone 18 or older who has a Social Security number, a U.S. address and a valid email address can set up an online account. In addition to supplying these critical personal details, the Social Security Administration will ask applicants to answer a variety of questions that are cross-referenced with their credit reports, such as the name of the bank that holds their mortgage or car loan, to verify their identity.

EXTRA SECURITY

You can also sign up for extra security when you first register for a My Social Security account or add it to an existing account, as I did several months ago before the Equifax data breach.

As an additional security measure, Social Security will ask for one of the following: the last eight digits of your credit card; information found in your W-2 tax form; or information from your self-employment tax form. An upgrade code will be mailed to your home address, usually in five to 10 business days. The letter will include step-by-step instructions to finalize the security upgrade.

"If you already have a My Social Security account, but haven't signed in lately, take a moment to login to easily take advantage of our second method to identify you each time you log in," Mr. Borland wrote, explaining that you can choose to have a one-time code texted to your cell phone or sent to your email address as an added security measure. "Using two ways to identify you when you sign on will help protect your account from unauthorized use and potential identity theft," he added.

One of my readers cited Mr. Borland's blog as full of great advice, but noted it still left some questions unanswered.

"It does not specifically state that it takes more than the four identifiers stolen at Equifax (name, birth date, address and Social Security number) to make changes to Social Security accounts that could lead to a diversion of benefits," the reader said in an email.

"If there are sufficient cybersecurity measures in place to prevent this, I think the SSA communication should be updated to make that clear," he wrote. "On the other hand, if new measures are necessary, they should take them now and then publicize those measures."

I agree. I sent the reader's comment to the SSA press office last week, but so far, I have not received a response. Stay tuned for details on the broader issue of protecting our online Social Security accounts.

0
Comments

What do you think?

View comments

Upcoming event

Sep 10

Conference

Denver Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Most watched

INTV

Young professionals see lots of opportunity to reinvent the advice experience

Members of the 2019 InvestmentNews class of 40 Under 40 have strategies to overcome the challenges of being young in a mature industry.

INTV

Young advisers envision a radically different business in five years

Fintech and sustainable investing are two factors being watched closely by some of the 2019 class of InvestmentNews' 40 Under 40.

Latest news & opinion

Vermont establishes restitution fund for victims of investment fraud

Portion of settlements with financial perpetrators would supply the pool.

10 IBDs with the most variable annuity revenue

Although the popularity of VAs has declined in recent years, some independent broker-dealers still do a good business in them.

Target-date fund design may be wrong for retirees

Researchers suggest the funds don't adequately hedge against sequence-of-returns risk in retirement.

InvestmentNews' 2019 class of 40 Under 40

Our 40 Under 40 project, now in its sixth year, highlights young talent in the financial advice industry. These individuals illustrate the tremendous potential of those coming up in the profession. These stories will surprise, entertain, educate and inspire.

New Jersey fiduciary rule: Pressure leads to public hearing, comment deadline extension

Industry push results in chance to air grievances on July 17 and another month to present objections.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print