America's Privacy Watchdog
1,818,342 Identity Exposure Reports
Do Another Search
Please fix the following problems:

Privacy Practices, and Other Policies

This privacy policy may be a little more detailed than you expect, but we recognize that our most valuable asset is your trust. As we developed this website and privacy policy, we tried to follow the Golden Rule of Privacy: We treat your privacy the way we would want others to treat ours.

Information on this Site

IdentityFinder.org is primarily a database of more than a million free personalized Personal Privacy Reports™, provided as a public service. Each Personal Privacy Report (PPR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each PPR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, you can further investigate, take action, or correct harm.

The IdentityFinder.org databases never expose sensitive personal information, such as complete addresses, Social Security Numbers, phone numbers, etc. Instead, your Personal Privacy Report (PPR) documents the type of personal information may have been exposed, and the conditions surrounding the exposure. You may have more than one PPR, if we have documented more than one information breach with your information.

Contents of a PPR™

Click here to can see an example PPR. Each Personal Privacy Report has several components:

  • Victim's Name
    Example: "John Q Public"
  • A Personalized List of Exposed Information
    Example: "Your Name, SSN, Address... etc have been exposed."
  • Exposing Entity's Contact Information
    Example: "Crazy Go Nuts University- 123 Main St. Freecountry, USA"
  • Detailed Information about Breach
    Example: "On October 2, the Golf Team Coach posted the names, Social Security Numbers, Dates of Birth, Addresses, Phone Numbers of 538 students…"
  • Breach Size
    Example: "Records Exposed: 538"
  • Breach Sensitivity
    Example: "Extreme"
  • Breach Duration
    Example: "More Than One Year"
  • Breach Distribution
    Example: "Exposed Online"
  • Related Links
    Example: Links to official press releases and news stories about the breach
  • Additional Breach Identification
    Example: "Student Database. Grades-2004.xls"
  • Resolution
    Example: "File Deleted, Caches Cleared."
  • Links to Resources
    Example: FTC website, Free Credit Report, Privacy Rights Clearinghouse, etc.

How we get Exposed Information

Though large and growing, our database only covers a small fraction (less than .1%) of all breaches. Each PPR is derived from a public exposure of personal information that we find, or by the request of breaching entities.

We follow a standard protocol whenever while documenting breaches:

  1. Discover: We discover personal information which has been exposed in an easily accessible public forum, or a breaching may request that we document a breach online.
  2. Document: After discovering the information, we carefully document the types of personal information exposed, the circumstances, and those responsible, in accordance with this policy.
  3. Notify: We notify those responsible, and will often notify authorities such as the FBI or a state licensing board, for example. When possible, we may also try to notify victims directly.
  4. Destroy: We destroy the original files as soon as practicable, absent extenuating circumstances such as an investigation. We have no desire to be permanent stewards of such sensitive information.
  5. Announce: Before we announce any breach, we make reasonably certain that the information is no longer readily available online.

Why Store the PPR online?

Remember that PPRs do not contain any sensitive information; only information about how a breach occurred. We store PPRs indefinitely for practical reasons.

In a perfect world, each and every victim would receive a personalized notification from the breaching entity. But even under the best circumstances people move, phone numbers change, breaches are discovered after several years, or many people simply miss the press release announcing the breach.

Criminals, and even some organizations never issue a press release in the first place, regardless of local law. Creating a permanent record online is vital to reach some people who would not have otherwise known about the breach. In addition, the negative effects of the exposure may not occur for years, at which point you may need access to your PPR.

We also store this information online as a courtesy to victims. While a PPR is not proof of identity theft, it may be helpful as evidence of identity breach.

How we Keep Information Safe

Our first priority is to empower victims without empowering bad guys. IdentityFinder.org's first and most important security feature is that the website does NOT contain any combination of sensitive personal information in its database: Period.

Here's how it works: When we document breached personal information on IdentityFinder.org, we replace the Address, SSN, DOB, or other personal information with a "Yes" or "No." For example, let's suppose that the following information about John Q. Public was exposed:

Name SSN Date of Birth Address Phone Number Pet's Name
John Q Public 123-45-6789   123 Main Street, Anywhere, USA (555) 123-4567 Rex

This is how we process the information:

This Data Becomes This Entry
SSN: 123-45-6789 ... SSN: Yes
DOB: ... DOB: No
Address: 123 Main Street, Anywhere, USA ... Address: Yes
Phone: (555) 123-4567 ... Phone: Yes
Pet's Name: Rex ... Pet's Name: Yes

IdentityFinder.org Database And the database ends up looking something like this. So, even in the unlikely event that someone looked directly at the database, there's nothing to see. Your PPR records the type of information exposed, but does not reveal the contents of the information.

Distinguishing Information

With millions of records, some people inevitably share the same name. In order to help people with the same name to distinguish themselves, IdentityFinder.org may store small pieces of distinguishing information that will be familiar to the individual, but will never be tied to your PPR. IdentityFinder.org does not currently use this feature, but may in the future.

Additional Information We Collect

Visitor Information

Like most websites, we collect web statistics that give us an idea of how many people are visiting IdentityFinder.org, where they came from, IP addresses, and other information about their computers. We currently use third party websites like Google Analytics and Statcounter.com, to capture user information. This technology uses "cookies," which are small text files that identify your computer (not you). Disabling cookies should not affect most website functionality. However, in order to hide your PPR, you must enable cookies.

As a security precaution, we also collect IP address and search information. This helps us to stop malicious "Injection Attacks," or servers that do numerous automated searches.

Communications

IdentityFinder.org contains methods to contact us, such as e-mail, mail, etc. Unless we specifically represent to you otherwise, you should not consider your communications with us secure. As with all media of communication, we cannot guarantee the security of e-mail, or even mail. We will do our best to keep confidential information private; but communications which may indicate evidence of wrongful intent or behavior may be investigated, or shared with law enforcement.

Do not, under any circumstances, include a social security number, account number, password, or any other sensitive information in any communication with IdentityFinder.org.

If you choose to share a story of identity theft or other personal story, we may request permission to share it with others. We will not share your story if you decline such a request, or if we cannot contact you.

You will never be required to identify yourself or give any personal information (even an e-mail address) to search IdentityFinder.org. If you choose to utilize a function of the website that requires a login or e-mail address, we may keep that e-mail address on file to prevent abuse of our systems.

User-Contributed Content

In the future, this website may create user forums. All publicly generated user content is donated to this website, and is considered public. We reserve the right to moderate user-contributed content.

Membership and Breach Alerts

As IdentityFinder.org expands, we plan to offer you free membership, which will allow you to add user-generated content and sign up for breach alerts. Membership requires you to provide a valid e-mail address, but does not require other personally identifying information. Other optional information (such as a website, IM, etc) will be treated as public information, if you choose to provide it. Membership is not necessary to search for your PPR.

If you choose to utilize a function of the website that requires an e-mail address, we may keep that e-mail address on file to prevent abuse of our systems or to send you communications to which you have opted-in.

Information Sharing

Your PPR: IdentityFinder.org website is open to the public. It is possible for others to view your PPR(s), unless you hide them.

Third Party Identity Protection Services: As a courtesy, Identity Finder may occasionally negotiate discounts on identity theft protection services, in behalf of breach victims. Those commercial entities have no additional access to information than any member of the public who uses this site. Because your needs may be unique, we strongly encourage you to research the company, their services, and prices before entering into any agreement with that company.

Marketing Agreements and Third Party Relationships: We do not enter into marketing agreements where we would share any personal information about you with another entity, unless you have opted in to sharing. Although we may partner with other organizations or companies to make the information in our database more easily accessible, they will only have access to the non-personally identifiable information described above. Our most valuable asset is the trust we earn with our visitors; we do everything in our power to keep that trust.

Judicial Order or Investigation: We may share information in our databases, or any other information in our possession if ordered by a court, or as a part of a good faith investigation.

PPR Removal

Even though your Personal Privacy Report does not contain sensitive personal information, we understand that you may wish to hide your PPR from public view, once you have read it and investigated the exposure. Only hide a PPR if you are confident that you are the individual in the report. If you accidentally hide someone else's PPR, they will never have a opportunity to learn about their risk.

If you're confident that you are the individual named in the PPR, you may request that the PPR be hidden from our searches and public access. Once the request is approved by IdentityFinder.org, and you confirm the removal, the PPR will no longer be available to you or any other visitor to this website. However, keep in mind that it may take several weeks or even months for Google or other search engines to remove your name from their search engine results. We do our best to speed up this process, but have little control over it.

If you choose to hide your PPR, you will be required to provide a valid e-mail address, and represent that you are authorized to make this request. If approved, a confirmation link will be e-mailed to you. You must follow this link within 24 hours in order to complete the process.

Since it is possible that you may have more than one PPR if your information was exposed more than once, removing one of your PPRs DOES NOT guarantee that your name (or someone who shares your name) will not re-appear in our databases, if personal information about someone with your name is exposed in the future.

In order to hide your PPR, follow these steps:

  1. At the bottom of your PPR, click the link that says, "click here to turn on the PPR Removal tool." You only have to do this once each time you visit the website, and your browser must enable cookies in order to hide your PPR.
  2. Once you've found your PPR, scroll to the bottom of the page, and click the link that says Hide my PPR.
  3. Follow the directions on the screen and in the confirmation e-mail.
  4. Search for your name again and repeat, to make sure you do not have more than one PPR.
  5. Consider signing up for Breach Alerts to find out if your name is added in the future.

We save the details of all removal requests to prevent abuse of the website. In rare circumstances, we may choose to deny a removal request.

Updates to this Policy

We'll continue to update our policy as necessary, and though individual policies may change with time, one thing will not: We will always treat your privacy the way we would like others to treat ours.

Copyright © Identity Finder, LLC. All rights reserved. This is a free public service provided by Identity Finder
* Though we make every reasonable effort to ensure this information is accurate, Identity Finder encourages you to investigate and confirm the information on your Personal Privacy Report and other information on this website, before acting upon it. The information given by this website is presented "AS-IS," without any warranty as to its accuracy or fitness for a particular purpose. Nothing on this website shall be construed as legal advice, or as an endorsement by any third party, unless otherwise explicitly stated. If you require legal advice, please seek the advice of legal counsel experienced in this subject area, and licensed in your jurisdiction.