consider social security numbers?
What potential is there to provide data on SSNs that have been exposed in a breach? This seems much more borderline dangerous, but curious about if you've given any thought and the problems / possibilities you see.
American social security numbers are considered sensitive personally identifiable information and I don’t intend to store them in HIBP.
-
AP commented
What if you didn’t store them in HIBP, but stored hashes instead?
-
emilio commented
If you have not disposed of the breach files, what about a Bloom filter to provide peace of mind (or 99.9% confidence) for existence of matches for [Lastname+LastFourDigits]? Or some k-anonymity variant on hashes thereof.
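
The Bloom filter idea from the comment above, as an added example that is not part of the original thread or HIBP's code: it sizes a filter for a 0.1% false-positive rate (the "99.9% confidence" figure) over normalized [Lastname+LastFourDigits] keys. The key normalization, the SHA-256 double hashing, the names `record_key`, `BloomFilter` and `measured_fp_rate`, and the sample records are assumptions constructed for illustration.

```python
import hashlib
import math

def record_key(lastname: str, last4: str) -> bytes:
    """Normalize [Lastname+LastFourDigits] into the bytes that get hashed."""
    if not (len(last4) == 4 and last4.isascii() and last4.isdigit()):
        raise ValueError("last4 must be exactly four digits")
    return f"{lastname.strip().casefold()}:{last4}".encode("utf-8")

class BloomFilter:
    def __init__(self, capacity: int, fp_rate: float = 0.001):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hashes.
        self.m = math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, key: bytes):
        # Double hashing: k bit positions derived from one SHA-256 digest.
        d = hashlib.sha256(key).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key: bytes) -> None:
        for p in self._positions(key):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, key: bytes) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(key))

def measured_fp_rate(capacity: int = 1000, probes: int = 20000) -> float:
    """Fill a filter to capacity with constructed keys, then probe absent ones."""
    bf = BloomFilter(capacity)
    for i in range(capacity):
        bf.add(record_key(f"member{i}", f"{i % 10000:04d}"))
    hits = sum(record_key(f"absent{i}", f"{i % 10000:04d}") in bf for i in range(probes))
    return hits / probes

# Constructed sample records standing in for parsed breach rows.
SAMPLE = [("Smith", "1234"), ("Nguyen", "0042"), ("O'Brien", "9876")]
published = BloomFilter(capacity=1000)
for name, last4 in SAMPLE:
    published.add(record_key(name, last4))

if __name__ == "__main__":
    print(record_key(" SMITH ", "1234") in published)  # key that was inserted
    print(record_key("Smith", "1235") in published)    # key that was not
    print(f"measured false-positive rate: {measured_fp_rate():.4%}")
```

Because the last four digits span only 10,000 values, membership answers are enumerable per surname, which is the design constraint any filtered or hashed variant of this idea has to account for.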