US Social Security Number disclosure

OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03

In the US, a Social Security number is a number issued to U.S. citizens, permanent residents and temporary (working) residents. It is issued by the Social Security Administration, an independent agency of the United States government. Some servers disclose the Social Security Numbers of their users. This information includes your bank or credit information. If an attacker gets hold of your Social Security Number, they can use it to obtain other personal information such as your address and credit card numbers.

According to US law, disclosure of a person's Social Security Number is an offence. The compensation can vary from $100 to $500,000.


The impact includes:

  • Using the Social Security Number, an attacker can access sensitive information. That is, there will be a loss of personal data.
  • A compromised Social Security Number will compromise the security of the users.

Mitigation / Precaution

Beagle recommends:

  • Not exposing Social Security Numbers on the website.
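
One way to check outgoing responses against this recommendation, as an added example that is not Beagle's own code: it finds SSN-formatted values in a response body, discards candidates the Social Security Administration never issues (area 000, 666 or 900-999, group 00, serial 0000) to reduce false positives, and masks the rest. The function names and the sample body are constructed for illustration.

```python
import re

# Candidate SSNs: AAA-GG-SSSS with the same separator ('-' or ' ') used twice,
# or nine bare digits. The lookarounds reject matches embedded in longer
# digit runs such as card numbers or phone numbers.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")


def is_plausible_ssn(area, group, serial):
    """Apply SSA numbering rules: no area 000/666/9xx, group 00, serial 0000."""
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"


def find_ssns(body):
    """Return the (start, end) spans of plausible SSNs in a response body."""
    return [m.span() for m in SSN_RE.finditer(body)
            if is_plausible_ssn(m.group(1), m.group(3), m.group(4))]


def mask_ssns(body):
    """Replace each plausible SSN with ***-**-NNNN, keeping the last four digits."""
    def _mask(m):
        if not is_plausible_ssn(m.group(1), m.group(3), m.group(4)):
            return m.group(0)  # not an issuable SSN, leave the text untouched
        return "***-**-" + m.group(4)
    return SSN_RE.sub(_mask, body)


# Constructed sample response body (all values are made up for this example).
SAMPLE_BODY = (
    '{"name": "Jane Roe", "ssn": "123-45-6789", "phone": "555-867-5309", '
    '"order": "000-12-3456", "card": "4111111111111111", '
    '"ref": "987654321", "alt_ssn": "123 45 6789"}'
)

if __name__ == "__main__":
    for start, end in find_ssns(SAMPLE_BODY):
        print("SSN-like value at offset", start, "->", SAMPLE_BODY[start:end])
    print(mask_ssns(SAMPLE_BODY))
```

A check like this fits in an integration test or a response filter; masking at the edge is a backstop, and the full number should not reach the response serializer in the first place.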
