Kinda out of scope
Yeah I get what you're saying but then you could argue that every site / app that requires that info to do business has a "huge vulnerability" because that sort of info is stolen and traded all day every day on the dark web.
The scope of this article is the programming of this particular portal, and the way it validates input data, not the pros and cons of using SSNs and ID numbers - just my 2c.
C.