Ardeaem writes "The University of Missouri is reporting that a security breach has allowed over 22,000 names and social security numbers to be stolen. It appears that an insecure application is to blame; used by the help desk to track issues, the application allowed the retrieval of names and SSNs. The "hacker" simply used the application to get the SSNs one by one. Of course, if the person's name is known, getting more information about them is possible through the school's directory, enabling the "hackers" to possibly compile a disturbing amount of information about each person. Why do organizations still use SSNs for identification, and can they be held liable for it? When will they learn?"