Identity Theft and Genealogy

Previously published in RootsWeb Review: 29 November 2006, Vol. 9, No. 48.
(used by permission)

Preventing Identity Theft Does Not Mean Hiding Your Ancestors

Does your genealogical information on the Internet pose a security risk for the so-called identify theft problem? The simple answer is no. While we all need to be cautious about revealing too much personal information about ourselves and our living family members on the Internet (and elsewhere) the most common sources of identity theft are those we encounter in our daily lives.

In a recent New York Times article by John Leland, it is noted that this crime often begins at home with more than half of the victims revealing that the ID thief was a family member, a friend, a neighbor or an in-home employee.

Some genealogists mistakenly believe that if thieves learn their birth date and their mother's maiden name it poses a risk. It does not. The ID thieves need such key pieces of information as your Social Security and driver's license numbers to obtain credit, merchandise and services in your name or to gain access to your bank account, credit accounts, utilities records and other sources of personal information. [However,] If you still use your mother's maiden name as a password at your bank or financial institution, change it.

How do thieves get information? According to Identify Theft Resource Center (

Be on the alert for unsolicited electronic mail messages in which your Social Security Number and other personal information are requested. Many report having received e-mail messages that appear to be from their ISP (Internet Service Provider), for example AOL, or from a U.S. government agency like the Internal Revenue Service. The message typically states that the company or agency is updating its records and that it needs certain information from you, such as Social Security number. NEVER respond to such messages. Even though they appear to be official, these messages and/or websites are a scam. No reputable company or government agency sends unsolicited e-mail messages to individuals in which sensitive personal data is sought in this manner.

What about the SSDI (Social Security Death Index)?
Social Security numbers are never re-used, so when a person dies, his number is no longer usable by living persons because it is attached to the deceased person. A major way of preventing identify fraud is by methodically running financial, credit, payment and other applications against the Social Security Administration's Death Master File (known commercially as the SSDI) -- thus the financial community, insurance companies, security firms, and state and local governments are better able to identify and prevent identity fraud. Moreover, the USA Patriot Act requires an effort to verify the identity of customers, including procedures to verify customer identity and maintaining records of information used to do so.

Remember that ID thieves need more than your name, birthdate, e-mail address or your mother's maiden name to steal your identity. Your GEDCOM and other genealogical information about your deceased ancestors on the Internet do not pose a threat of identity theft. Thieves want your Social Security, credit card, and/or bank numbers to do their dastardly deeds -- not your family tree.