Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.

Lysa Myers, Security Researcher, ESET

May 5, 2014

4 Min Read

People in the military knowingly agree to put their lives in danger when they enlist, but there’s something else they’re putting on the line that they have not agreed to risk. More people reporting identity theft are members of the military than of any other demographic in the US. While this is shocking, upon further analysis, it is not particularly surprising.

According to a 2013 Federal Trade Commission study, people in the military report identity thefts at twice the rate of the rest of the population. Why is it that their identities are at greater risk? The answer is in the structure of military culture itself.

Peril is all in a day’s work
Historically, the military has had a culture of identifying each soldier by an assigned service number as much as with a given name. Since 1974, this number has ceased to be a separate, assigned service number; it was changed to be the Social Security Number (SSN) by all branches of the military.

In 2008, the federal government acknowledged the danger of the overuse of SSNs for the civilian population, yet this practice is still very much in place for members of the military. It wasn’t until two years later that the government even acknowledged the issue for service members. While most people are becoming increasingly sensitive about the use of this identifier, in the military, people are still trained to give their SSNs in the course of daily life.

My own awareness of this culture began while researching the use of SSNs in the context of healthcare: Federal interactions are some of the last remaining places where SSNs are still required for identity verification. This means that people who are dependent on the government for employment or financial assistance are required to provide their SSNs, to people and on forms, much more frequently than the general population. 

And government ID is far from the only time military members are obligated to disclose parts of their SSNs: If they want to get their laundry done, or even check out sports equipment at the gym, it’s customary to offer up the last four digits of their SSNs like a sort of password or a membership number. This all leads to a culture of devaluing this identifier in the minds of service members, which is very much at odds with its value to cyber criminals.

The silver lining here is that use of the SSN as an ID number is slowly being phased out both in visible data on ID cards and on their magnetic stripes. But identification “dog” tags for various branches of the military still visibly display this data.

Extra criminal motivation
Aside from the ID theft buffet created by the rampant overuse of SSNs in military culture, cyber criminals also have an extra advantage to help them put the screws to service members: Having bad credit can seriously limit soldiers' careers, whether it’s due to their own mistakes, predatory lenders, or ID fraud.

Criminals have historically viewed soldiers (especially those who are new, young, or about to deploy overseas) as "money delivery machines." Laws have been enacted to try to curb some of the more egregious instances of criminals taking advantage of soldiers, especially around so-called “payday loans.” But the unfortunate fact is, because creditors can report delinquent credit to commanding officers and put a soldier’s future career at risk, those creditors have more leverage to compel payment, regardless of how sketchy the terms of the loan are. Online loan scams in particular can be a big source of military identity theft.

In recent years, a number of sites have also sprung up offering “group ID verification”, for different groups with their own unique membership numbers, such as military members and students. It is common for these sites to offer deep discounts to these groups in exchange for their ID numbers. Those ID verification sites can frequently be a data grab, where criminals turn right around and use the data for ID theft and fraud.

Service members can protect themselves
While service members are at greater risk for identity theft, they also have extra means to protect themselves. In a document specific to military personnel, the FTC website has a number of great resources for how to tell if an ID has been stolen and what to do if it is. Note in particular that service members, when deployed, can make use of an “Active Duty Alert” that can help prevent unauthorized accounts from being created.

The single best thing service men and women can do to protect their credit is to regularly run a free credit check report. Beyond that, they should secure any documents or files that display their SSNs, and shred those documents they do not need to keep. While the system as it currently exists is imperfect, our military can still protect and defend individual identities.

About the Author(s)

Lysa Myers

Security Researcher, ESET

Richard Roth leads Dignity Health's innovation efforts, which seek to create and test novel services, programs, partnerships, and technologies – from within and outside of healthcare – that challenge the status quo and have the potential to reduce the cost of care, improve quality, and/or increase access to services. Working in concert with Dignity Health employees and physicians, he works to anticipate emerging trends and technologies with the goal of incubating, studying, and scaling efforts to improve care. He led Dignity Health's efforts in forming SharedClarity, a novel new startup focused on creating transparency into medical device performance in an effort to improve patient outcomes and lower the cost of care. Roth holds a Master's degree in healthcare administration from the University of Minnesota and a Bachelor's degree in public health from West Chester University.  

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights