The Social Security Administration uses validation certificates and two-factor authentication technology to secure access to their databases. Its internal security measures are not published, but none of the 10 major federal data breaches in 2014 involved the Social Security Administration.
Third-party databases that contain Social Security numbers, such as those used by banks and credit card companies, are potentially vulnerable to data breaches. This form of information leak is unrelated to the government's Social Security database.
In addition to criminal data breaches, some Social Security numbers are legally available to the public. The Social Security Administration publishes information on deceased Americans, and this quarterly publication has no purchase restrictions. This information includes Social Security numbers.