Security experts say most Americans are likely to have their sensitive personal information stolen at some point in their lives. Sometimes, it happens when an individual unwittingly clicks on a malicious link in an email; other times, it's a trusted retailer or health insurance provider that fails to maintain control of their customers' data. And, increasingly, government data breaches have led to massive amounts of compromised personal information.
As it becomes clear that even the government has trouble keeping data safe, a pair of House members from opposite corners of the country are teaming up to try and keep some sensitive information out of the government's hands entirely.
Reps. Vern Buchanan, a Republican from Florida, and Jim McDermott, a Democrat from Washington, introduced a bill this month that would require the most commonly used tax forms to include a truncated Social Security number. The bill would affect W–2 tax and wage forms, which are distributed to every wage earner in the U.S. that makes at least $600 a year.
When McDermott put forward the same bill last year, it never got off the ground. But since then, a pair of data breaches at the Office of Personnel Management compromised the personal information of more than 22 million people. The stolen data included Social Security numbers, sensitive health and financial information, and more than 5 million fingerprints.
Although the bill from Buchanan and McDermott would have done nothing to prevent the scale or harm of the OPM breaches, the events brought into public light the ever-present danger of identity theft.
The federal government has budgeted $500 million for post-breach identity theft protection over the next five years, an admission that more events like the OPM breaches are on the horizon.
Buchanan hopes that his standing as a senior member of the House Ways and Means Committee will give the bill a better chance this year, his press secretary, Joe Sangiorgio, said. And if the bill does not succeed as standalone legislation, Buchanan expects the bill "will be rolled into a larger tax privacy measure already drafted in the Senate," Sangiorgio said, referring to a bill under consideration in the Senate Finance Committee.
The Internal Revenue Service, which distributes the tax forms that would be affected by the House bill, has had its own share of data woes. The agency announced this summer that about 330,000 taxpayers' accounts were affected by a data breach that occurred when attackers got around an identity-verification system and accessed users' tax histories.
In that cyberattack, however, hackers were able to defeat the identity-verification system because they already had access to taxpayers' personal information, including Social Security numbers. That information came from other sources—likely other data breaches—and was enough to trick the system into letting the attackers in.
The attempt to limit the use of Social Security numbers on federal forms is a step toward compartmentalizing sensitive information from leaks. But because Social Security numbers are very difficult to change but are fairly ubiquitous, the bill is an attempt to plug just one of countless holes through which the number can leak to an identity thief.