You are the owner of this article.

Here’s how the internet attacked me

Robert Samuelson

Robert J. Samuelson writes a twice-weekly column on economics.

WASHINGTON — I got hacked. It was scary.

In this age of cybereverything, we all live in dread that we’re going to be somehow attacked by the internet. Nearly everyone seems vulnerable. The internet is changing how we work, play, socialize, shop — and what we love and fear. We’re all exposed to its excesses, eccentricities, pleasures and pains.

Your data is for sale, as my colleague Geoffrey A. Fowler points out. If there is a saving grace, it is this: We assume that “bad stuff” always happens to somebody else. Well, not always.

My encounter with bad stuff began a few weeks ago when I received a letter from the Social Security Administration, via “snail mail.” By itself, this was neither alarming nor threatening. If you’re 65 or over (I am 73), you receive regular notices from Social Security and its first cousin, Medicare.

The letter looked authentic — and was. “Thank you for using Social Security’s online services,” it said. “On June 28, 2019, you successfully created an online account with the Social Security Administration.” This, too, seemed innocuous, except for one troubling detail: I didn’t create an online account with the social security administration.

True, I already receive my monthly Social Security benefit through electronic deposit into my bank. But that had been going on for years. It was the only contact I desired with the Social Security Administration (SSA). Perhaps SSA was quietly expanding its bureaucratic reach. Or not. I decided to call the 800 number in the letter. (The 800-number seemed legitimate, because the same number appeared on many SSA sites.)

The wait was about an hour. I was repeatedly tempted to hang up. I’m glad I didn’t. The woman who answered was courteous and helpful. Yes, my personal data had been altered, so that my monthly benefit would be diverted to someone else’s bank account, not mine. She reinstated the correct address and put a “block” on the account, meaning that unless I visited an SSA office, my personal information could not be changed.

“You will continue to receive your monthly payments,” the SSA promised. That’s reassuring, if true. (Note: Anyone familiar with my policy views knows that I favor benefit cuts for the affluent elderly. Accepting benefits now may seem hypocritical. Not so. I would gladly cut mine as part of an overall program.)

Just how my personal data was altered remains a mystery to me and, perhaps, to the SSA. “It’s hard to know how identity thieves obtain personal information used to commit this type of fraud,” said SSA Inspector General Gail Ennis in an email.

We do know some things, however.

The existing approach to creating reliable identification numbers (say, Social Security cards or driver’s licenses) is known as “knowledge-based verification” (KBV). To prove you are who you say you are, you’re asked questions to which, presumably, only you know the answers: for example, your birthdate, home address or Social Security number.

But the KBV “model has fallen apart online,” asserts The Better Identity Coalition, a group searching for more accurate approaches. KBV is hobbled because data breaches have made a lot of “secret” information widely available to cybercriminals on the internet.

The number of reported data breaches — hostile penetrations of computer networks — has soared from 421 in 2011 to 1,579 in 2017, according to the Identity Theft Resource Center. Each breach in turn may contain data on millions of people. The breach in 2017 of Equifax, a major credit bureau, is widely regarded as a bonanza for cyberthieves, because it contained personal data on more than 147 million people.

Against this backdrop, I surmised that the SSA must be swamped with complaints like mine: benefits that were digitally hijacked. Wrong. Their number peaked at about 12,000 in 2013. For the first half of 2018, that number was down to about 200, estimates the OIG’s office. Compared with the roughly 63 million Social Security recipients, that’s virtually nothing.

One explanation for this apparent paradox is that some transfers are done more securely through electronic networks than by checks, which can be stolen in the mail or lost from natural disasters. In 2013, the Treasury required that virtually all benefits be paid electronically.

Another safeguard, which was important in my case, was the requirement that recipients receive by mail any notice of a change in address. If the change is legitimate, it’s routine. But if the address change is bogus, as it was for me, then the beneficiary can contact the SSA before any serious fraud takes place.

So, be forewarned. This is the internet’s new normal. It expands our choices but compromises our freedom. It encloses society in a permanent cocoon of suspicion. There’s no escaping its grasping tentacles.

Distributed by The Washington Post Writers Group.


The Daily News-Miner encourages residents to make themselves heard through the Opinion pages. Readers' letters and columns also appear online at Contact the editor with questions at or call 459-7574.

Community Perspective

Send Community Perspective submissions by mail (P.O. Box 70710, Fairbanks AK 99707) or via email ( Submissions must be 500 to 750 words. Columns are welcome on a wide range of issues and should be well-written and well-researched with attribution of sources. Include a full name, email address, daytime telephone number and headshot photograph suitable for publication (email jpg or tiff files at 150 dpi.) You may also schedule a photo to be taken at the News-Miner office. The News-Miner reserves the right to edit submissions or to reject those of poor quality or taste without consulting the writer.

Letters to the editor

Send letters to the editor by mail (P.O. Box 70710, Fairbanks AK 99707), by fax (907-452-7917) or via email ( Writers are limited to one letter every two weeks (14 days.) All letters must contain no more than 350 words and include a full name (no abbreviation), daytime and evening phone numbers and physical address. (If no phone, then provide a mailing address or email address.) The Daily News-Miner reserves the right to edit or reject letters without consulting the writer.

The Daily News-Miner encourages residents to make themselves heard through the Opinion pages. Readers' letters and columns also appear online at Contact the editor with questions at or call 459-7574.

If you're interested in submitting a Letter to the Editor, click here.

Submit your news & photos

Let us know what you're seeing and hearing around the community.