Paul Roberts uncovers H&R Block’s mismanagement of social security numbers in H&R Block Mailing Reveals Customers’ SSNs. The leak was attributed to user error, but the blunder is most likely due to ill-implemented software. After all, software is responsible for printing the labels that are used for these software packages and for assessing their marketing efforts. Having the software responsible for generating tracking numbers is a common expectation.
Ordinary computer users were able to recognize their own social security numbers within a 47-digit tracking number, which is used primary for marketing purposes. Although I have not seen the software package first hand, I am certain that the social security numbers can be found at a particular offset within the tracking number. Knowing this offset will allow a person to get SSNs from labels on these packages.
Many people provide information to H&R Block when they use their tax preparation services. H&R Block naturally downplayed the threat of identity theft from their recent information leak. The company needs to minimize their negligence and increase their effort in safeguarding the information that they gather from clients, instead of simply shrugging off their mistake as a mere accident.