IdentityFinder.org is primarily a database of more than a million free personalized Personal Privacy Reports™, provided as a public service. Each Personal Privacy Report (PPR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each PPR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, you can further investigate, take action, or correct harm.
The IdentityFinder.org databases never expose sensitive personal information, such as complete addresses, Social Security Numbers, phone numbers, etc. Instead, your Personal Privacy Report (PPR) documents the type of personal information may have been exposed, and the conditions surrounding the exposure. You may have more than one PPR, if we have documented more than one information breach with your information.
Click here to can see an example PPR. Each Personal Privacy Report has several components:
Though large and growing, our database only covers a small fraction (less than .1%) of all breaches. Each PPR is derived from a public exposure of personal information that we find, or by the request of breaching entities.
We follow a standard protocol whenever while documenting breaches:
Remember that PPRs do not contain any sensitive information; only information about how a breach occurred. We store PPRs indefinitely for practical reasons.
In a perfect world, each and every victim would receive a personalized notification from the breaching entity. But even under the best circumstances people move, phone numbers change, breaches are discovered after several years, or many people simply miss the press release announcing the breach.
Criminals, and even some organizations never issue a press release in the first place, regardless of local law. Creating a permanent record online is vital to reach some people who would not have otherwise known about the breach. In addition, the negative effects of the exposure may not occur for years, at which point you may need access to your PPR.
We also store this information online as a courtesy to victims. While a PPR is not proof of identity theft, it may be helpful as evidence of identity breach.
Our first priority is to empower victims without empowering bad guys. IdentityFinder.org's first and most important security feature is that the website does NOT contain any combination of sensitive personal information in its database: Period.
Here's how it works: When we document breached personal information on IdentityFinder.org, we replace the Address, SSN, DOB, or other personal information with a "Yes" or "No." For example, let's suppose that the following information about John Q. Public was exposed:
|Name||SSN||Date of Birth||Address||Phone Number||Pet's Name|
|John Q Public||123-45-6789||123 Main Street, Anywhere, USA||(555) 123-4567||Rex|
This is how we process the information:
|This Data||Becomes||This Entry|
|SSN: 123-45-6789||...||SSN: Yes|
|Address: 123 Main Street, Anywhere, USA||...||Address: Yes|
|Phone: (555) 123-4567||...||Phone: Yes|
|Pet's Name: Rex||...||Pet's Name: Yes|
And the database ends up looking something like this. So, even in the unlikely event that someone looked directly at the database, there's nothing to see. Your PPR records the type of information exposed, but does not reveal the contents of the information.
With millions of records, some people inevitably share the same name. In order to help people with the same name to distinguish themselves, IdentityFinder.org may store small pieces of distinguishing information that will be familiar to the individual, but will never be tied to your PPR. IdentityFinder.org does not currently use this feature, but may in the future.
Like most websites, we collect web statistics that give us an idea of how many people are visiting IdentityFinder.org, where they came from, IP addresses, and other information about their computers. We currently use third party websites like Google Analytics and Statcounter.com, to capture user information. This technology uses "cookies," which are small text files that identify your computer (not you). Disabling cookies should not affect most website functionality. However, in order to hide your PPR, you must enable cookies.
As a security precaution, we also collect IP address and search information. This helps us to stop malicious "Injection Attacks," or servers that do numerous automated searches.
IdentityFinder.org contains methods to contact us, such as e-mail, mail, etc. Unless we specifically represent to you otherwise, you should not consider your communications with us secure. As with all media of communication, we cannot guarantee the security of e-mail, or even mail. We will do our best to keep confidential information private; but communications which may indicate evidence of wrongful intent or behavior may be investigated, or shared with law enforcement.
Do not, under any circumstances, include a social security number, account number, password, or any other sensitive information in any communication with IdentityFinder.org.
If you choose to share a story of identity theft or other personal story, we may request permission to share it with others. We will not share your story if you decline such a request, or if we cannot contact you.
You will never be required to identify yourself or give any personal information (even an e-mail address) to search IdentityFinder.org. If you choose to utilize a function of the website that requires a login or e-mail address, we may keep that e-mail address on file to prevent abuse of our systems.
In the future, this website may create user forums. All publicly generated user content is donated to this website, and is considered public. We reserve the right to moderate user-contributed content.
As IdentityFinder.org expands, we plan to offer you free membership, which will allow you to add user-generated content and sign up for breach alerts. Membership requires you to provide a valid e-mail address, but does not require other personally identifying information. Other optional information (such as a website, IM, etc) will be treated as public information, if you choose to provide it. Membership is not necessary to search for your PPR.
If you choose to utilize a function of the website that requires an e-mail address, we may keep that e-mail address on file to prevent abuse of our systems or to send you communications to which you have opted-in.
Your PPR: IdentityFinder.org website is open to the public. It is possible for others to view your PPR(s), unless you hide them.
Third Party Identity Protection Services: As a courtesy, Identity Finder may occasionally negotiate discounts on identity theft protection services, in behalf of breach victims. Those commercial entities have no additional access to information than any member of the public who uses this site. Because your needs may be unique, we strongly encourage you to research the company, their services, and prices before entering into any agreement with that company.
Marketing Agreements and Third Party Relationships: We do not enter into marketing agreements where we would share any personal information about you with another entity, unless you have opted in to sharing. Although we may partner with other organizations or companies to make the information in our database more easily accessible, they will only have access to the non-personally identifiable information described above. Our most valuable asset is the trust we earn with our visitors; we do everything in our power to keep that trust.
Judicial Order or Investigation: We may share information in our databases, or any other information in our possession if ordered by a court, or as a part of a good faith investigation.
Even though your Personal Privacy Report does not contain sensitive personal information, we understand that you may wish to hide your PPR from public view, once you have read it and investigated the exposure. Only hide a PPR if you are confident that you are the individual in the report. If you accidentally hide someone else's PPR, they will never have a opportunity to learn about their risk.
If you're confident that you are the individual named in the PPR, you may request that the PPR be hidden from our searches and public access. Once the request is approved by IdentityFinder.org, and you confirm the removal, the PPR will no longer be available to you or any other visitor to this website. However, keep in mind that it may take several weeks or even months for Google or other search engines to remove your name from their search engine results. We do our best to speed up this process, but have little control over it.
If you choose to hide your PPR, you will be required to provide a valid e-mail address, and represent that you are authorized to make this request. If approved, a confirmation link will be e-mailed to you. You must follow this link within 24 hours in order to complete the process.
Since it is possible that you may have more than one PPR if your information was exposed more than once, removing one of your PPRs DOES NOT guarantee that your name (or someone who shares your name) will not re-appear in our databases, if personal information about someone with your name is exposed in the future.
We save the details of all removal requests to prevent abuse of the website. In rare circumstances, we may choose to deny a removal request.
We'll continue to update our policy as necessary, and though individual policies may change with time, one thing will not: We will always treat your privacy the way we would like others to treat ours.