Misuse of Sensitive Information
In the spring of 1997, the U.S. Social Security Administration decided to allow citizens to access their retirement projections on the Web.
The user had only to enter his or her social security number and birth date.
However, the SSA soon discovered that malicious individuals who had access to both pieces of information could get other people's projections.
Many such individuals were caught prying into others' accounts. The SSA promptly closed the site.
As a service to Social Security participants, the SSA site was a good idea. However, the Internet security infrastructure was not strong enough to protect this information.
Anyone with someone else's social security number and date of birth could masquerade as that person.
How did the malicious individual get the social security number? From several sources: Every year, the U.S. Postal Service delivers IRS Form 1040 to most households.
The address label on this form contains the recipient's social security number. Underground Web sites also trade in pirated social security numbers.
any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs,
or the privacy to which individuals are entitled under section 552a of title 5, United States Code (the Privacy Act of 1974),
but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.