More modern IT could keep SSA from mailing out Social Security numbers

Shutterstock image: digital records overlay.

If you have ever received a notice in the mail from the Social Security Administration, odds are your Social Security number was on it. Of the 352 million notices the agency mailed last year, about 233 million included the recipients' full SSNs, potentially putting people at risk of identity theft, according to an inspector general report released on April 27.

The government has long advocated that agencies stop using the numbers as personal identifiers, and many large agencies have already done so. The IG recommends that SSA follow suit and prioritize removing SSNs from their mailed notices and re-evaluate how much it would cost to do so.

SSA officials agreed with both recommendations but said making the change in fiscal 2016 would mean postponing other critical IT projects. Meanwhile, the agency plans to use existing IT projects to replace SSNs with Beneficiary Notice Control Numbers on a case-by-case basis and as resources permit.

Right now, the agency's operational and systems infrastructure is still designed for SSNs. Employees cannot communicate personal information to callers without the numbers, even if they have their BNCs. And if they don't remember their SSNs, callers have to go to a field office, where an employee searches for their numbers. That could create confusion, longer call times and more field office visits.

Also, SSA employees cannot use BNCs to query the Online Retrieval System where they store electronic copies of mailed notices. Instead, they must must cross-check the BNC with the SSN, adding a step to the process.

An SSA workgroup formed in June 2015 recommended delaying the removal of SSNs from all notices until the agency has enough resources. The workgroup estimated it would cost about $14 million to replace SSNs with BNCs on mailed notices, but the IG said the group did not provide documentation to support that estimate.

Ultimately, the IG stressed the importance of protecting people from the risk of identity theft associated with sending personally identifiable information through the mail.

"Convenience should not come before the security of individuals' private and sensitive information," the report states.

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.

Click here for previous articles by Spinosa, or connect with her on Twitter: @BSpinosa.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected