Cyber Gravedigger Charged with Identity Theft

April 25, 2008

Further proving one is never safe from identity theft, federal prosecutors this week charged a Southern California woman with aggravated identity theft for victimizing the deceased, Wired reports.

Tracy June Kirkland, 42, allegedly used the Social Security Death Index (SSDI), available on the popular genealogy Web site Rootsweb.com, to garner the Social Security numbers and birth dates of dead people for her credit card fraud scheme, according to a recent 15-count indictment [opens in PDF].

Having gained the basic identifying information needed, the cyber gravedigger would call credit card companies to determine if the deceased had an account she could commandeer. She persuaded lenders, including Nordstrom Federal Savings Bank, Macy’s and GE Money Bank, to change the mailing address for her deceased victim to a rented mail drop, and in some cases even added her own name as an authorized user, the indictment states.

Bring out your dead

The unfortunate irony here is that the SSDI available on Rootsweb is published monthly by the Department of Commerce under the Freedom of Information Act in an effort to prevent identity theft by enabling banks and others to verify whether or not a Social Security number is active (SSNs are not reused).

Yet while lenders use the SSDI to verify no new accounts are being opened in a dead person’s name, in this case Kirkland was allegedly taking over existing accounts and using them to finance cash advances and the purchase of unspecified goods and services. The indictment alleges Kirkland exploited at least 100 ill-gotten identities between October 2005 and March 2008.

“The reason the Social Security Administration has it out there is to prevent fraud, and when it’s used to perpetrate fraud it’s because not all the checks and balances were in place on the financial institution’s end,” Rootsweb spokesman Mike Ward told Wired.

Dorothy Clark, spokeswoman for the Social Security Administration, told Wired this was the first case she knew of in which the index was used to commit, rather than prevent, fraud.

No longer a buzz word

Online genealogists may suggest identity theft related to online family tree data is “an urban legend,” or “seldom happens” but this case proves the potential danger.

In April 2005, the concerns of identity theft and data privacy were even downplayed by Rootsweb itself in a Rootsweb Review suggesting most identity theft happens offline and positing, “genealogy websites do not even represent a blip on the radar of this problem.” Three years later identity theft is no longer, as that article suggested, just “a ‘buzz word.’”

Whether or not this case proves to be an anomaly, it still illustrates the necessity of being smart and safe about posting personal data online. Among the suggestions RootsWeb offers its users to safeguard data?

For one, don’t use your mother’s maiden name as a password for your bank, credit card or other financial accounts since the information may be readily available online (not only through genealogical Web sites). Furthermore, do not include any personal or private information in genealogical records “on or off the Internet.”