• SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

Call us today! 844-OCD-TECH

Find our Location
OCD TechOCD Tech
  • SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us
Scraping Social Security Numbers on the Web

Scraping Social Security Numbers on the Web

October 1, 2018 Posted by Matthew Smith cyber intel, Cybersecurity, fraud, IT Security

One of the most accredited forms of validation for a citizen’s identity is a Social Security Number. A Social Security Number is a significant piece of government-issued identification in the United States. When this information is compromised it can lead to serious problems where an individual can use a stolen Social Security Number, along with a name, to impersonate another citizen.

A citizen may never know that their Social Security Number has been compromised, but even if they do, it can still take several months (or years) to obtain a new one. When a Social Security Number is compromised, whether it’s known or not, a malicious entity can leverage it to impersonate a citizen to achieve various goals including utilizing their health care and opening credit lines.

The most important steps to take, once it is believed that a Social Security Number has been compromised, is to first file an identity theft report with the local police. Secondly, place a fraud alert on your credit file which will be displayed on a credit score to indicate a potential identity theft has occurred. This can be done by contacting a credit reporting agency such as Equifax, TransUnion, or Experian.

Identity fraud is more common than many citizens believe. A study done by Javelin Strategy and Research released its findings in February of 2018 revealing that the rate of fraud victims per year is increasing.

Many incidents of identity fraud can be traced back to data breaches of major companies that deal with and store sensitive information of citizens. A recent example of a large amount of Social Security Numbers being leaked is the Equifax data breach discovered in July of 2017. This breach has a reported Number of 145.5 million who were affected. Due to this breach, many citizens have their Social Security Numbers being sold online for anyone to purchase or being shared freely by malicious entities.

When hackers and identity thieves look to share information or advertise information they’re looking to sell, they migrate towards websites that allow for anonymous posting. The most commonly known, and utilized, are Pastebin, Gist, and Slexy. At OCD-Tech we have been developing a tool that constantly scrapes these anonymous posting sites for sensitive information, one of which is Social Security Numbers.

We were able to capture 28,260 unique Social Security Numbers over about a year and 3 months. That comes to an average of 239 Social Security Numbers per week and 1,047 Social Security Numbers per month. The below image indicates a mapping of Social Security Numbers we found to the corresponding state which they were assigned from. (This practice was discontinued after June 2011, so not all found Social Security Numbers may be mapped)

d3-cloropleth-map

https://plot.ly/~DanScrapy/20/ssns-scraped-from-march-2016-to-june-2018-hover-for-breakdown/

Protecting yourself from identity theft is a losing battle. The majority of Social Security Numbers compromised are due to breaches, which means there isn’t much to be done by citizens to protect their Social Security Number. The best that can be done is to monitor your credit report and stay up-to-date on current events involving breaches of sensitive information, especially those regarding companies you’ve given your Social Security Number to. Performing these actions can allow a citizen to report a potential threat quickly and mitigate damages. Alternatively, there are companies that provide identity theft monitoring as a service.

This project was created by Daniel Bohan and Daniel Kelly.

Tags: CYBERcyber securitycybersecuritydata breachInformation SecurityIT Securitypersonally sensitive informationsecurity
Share
1
Avatar photo

About Matthew Smith

OSCP OCD Tech Penetration Tester and Security Analyst

You also might be interested in

CHOOSING CYBERSECURITY

Choosing Cybersecurity

Apr 23, 2024

OCD Tech vs. The Rest  As cybersecurity experts who understand[...]

ftc safeguards rule

FTC Safeguards Rule

Jun 13, 2024

What’s Changed & What to Do Next  The FTC Safeguards[...]

Why backups and storage are critical

Why backups and storage are critical

Mar 26, 2024

Data is the lifeblood of our digital world. Businesses and[...]

Find us on

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Send Message
OCD Tech logo Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com

Follow Us

Videos

Check Out the Latest Videos From OCD Tech!

Services

SOC Reporting Services
– SOC 2 ® Readiness Assessment
– SOC 2 ®
– SOC 3 ®
– SOC for Cybersecurity ®

IT Advisory Services
– IT Vulnerability Assessment
– Penetration Testing
– Privileged Access Management
– Social Engineering
– WISP
– General IT Controls Review

IT Government Compliance Services
– CMMC
– DFARS Compliance
– FTC Safeguards vCISO

Industries

  • Financial Services
  • Government
  • Enterprise
  • Auto Dealerships

© 2025 — OCD Tech: IT Audit - Cybersecurity - IT Assurance

  • OCD Tech
  • About Us
  • Contact Us
Prev Next