WASHINGTON — A little-known but widely used federal database meant to protect Americans from fraud has itself become a major source of mischief and misery.
Crooks are pocketing fraudulent tax refunds after filing returns with personal information about recently deceased people found in the Social Security Administration’s Death Master File, which is widely available on the Internet, federal authorities and consumer experts say.
The Internal Revenue Service — citing data it is making public for the first time at the request of Scripps Howard News Service — estimates that tax filers improperly submitted 350,000 returns on dead Americans this tax season, improperly seeking $1.25 billion in refunds.
Parents who recently lost a child are increasingly targeted by these thieves, experts say. Armed with the deceased child’s Social Security number and other personal information, the crooks falsely claim them as dependents and have the refunds routed to them.
Among the victims is Matt Pilcher of Potomac, Md., who still grieves over the 2010 death of his daughter, Ava, from lung disease following her premature birth. Pilcher’s 2010 income tax filing was rejected by the IRS because someone else claimed Ava as a dependent.
“All we really have is her memory and her name,” Pilcher said. “For someone to try to take that, to steal that, to appropriate that for themselves — it’s beyond reprehensible.”
The Death Master File contains the names, birth dates and Social Security numbers of more than 90 million deceased Americans. It is updated every week and can be accessed for free at several genealogy websites.
“We were able to go on a website and found all her information there. The Death Master File is where they (crooks) got that information,” Pilcher said.
A relic of simpler times, the death file was created in 1980 under the new Freedom of Information Act at the request of U.S. businesses seeking a tool against identity theft. In that post-Watergate and pre-Internet era, it seemed like an open-government solution to the rising problem of consumer fraud.
But serious problems stemming from the Death Master File recently have come to light. The Social Security Administration, as part of an investigation by Scripps Howard, acknowledged in June that it accidentally lists about 14,000 living Americans each year in the death database.
People who are inaccurately listed as dead frequently fall into an Orwellian nightmare in which they have trouble getting jobs, opening bank accounts, buying cars, renting apartments, or even purchasing mobile telephones.
But the discovery that the database also has become a major source of tax fraud is an especially troubling wrinkle for federal authorities and consumer protection experts.
There is little grieving parents can do to protect themselves if thieves decide to take their dead child’s name, birthdate and Social Security numbers. Identity crooks need only file for a tax refund before the family can.
“Criminals have found the perfect loophole,” said Joanna Crane, former manager of the Federal Trade Commission’s Identity Theft Program. “It doesn’t give the IRS time to detect that something is wrong. By the time they do, the money is already out the door.”
It’s especially embarrassing that a federal anti-fraud database enables the crimes.
“This is such a mess,” concluded Nikki Junker, a victim adviser for the San Diego-based Identity Theft Resource Center. “Identity theft is growing very quickly. It’s just insane, all of these public sites that are posting this information.”
The Social Security Administration says it is powerless to act.
“The information that is released via the public (Death Master File) is the information that must be disclosed under the Freedom of Information Act,” Social Security spokesman Mark Hinkle said. “Congress would need to amend FOIA laws in order for us to limit the amount of information that we are obligated to make public under the law.”
Other federal authorities question whether the law forces the agency to remain so passive.
“If the SSA feels it must ask the court that entered a consent judgment in a 1980 FOIA case to modify the judgment, it should do so,” said Nina Olson, head of the IRS’ internal watchdog office.
The database poses a dilemma for major genealogy firms.
“We understand that there is some sensitivity around this database, which is why we only disclose information provided by the Social Security Administration that has already been made public,” said Heather Erickson, spokeswoman for Ancestry.com, which claims to be the world’s largest genealogy site.
Officials at The Church of Jesus Christ of Latter-day Saints (Mormon) said the federal government does not allow them — or others — to redact Social Security numbers they post on the site they administer, FamilySearch.org.
“By contract, the records received from the Social Security Administration must be posted in their entirety,” said Chief Genealogical Officer David Rencher in Salt Lake City. “This same subscription service is also used by organizations including banks, credit unions and credit bureaus to protect against identity fraud.”
Without directly responding to Rencher’s comment, a spokesman for the U.S. Department of Commerce, which distributes the death file, provided a copy of the agreement users must sign. It says users must make regular updates to the “full file” so that it is “up to date with SSA’s records.”
For years, watchdogs have railed on the Death Master File. In a scathing 2008 audit, Social Security’s Inspector General’s Office urged the agency to:
The audit also addressed concerns about the 14,000 living Americans whose names and SSNs are released each year, saying the agency breaks federal law by releasing that private information. In these cases, the report called on the agency to notify living Americans of the mix-ups.
Social Security officials asked the Inspector General to keep its report secret since it “highlights the issue” that the Death Master File can be used for fraudulent purposes and “could encourage misuse.” The agency agreed to consider the recommendations, but so far, has not enacted any of them.
“While we believe that wider notification (to people at risk) is a piece of that protection, we also believe that narrowing the range of information included in the public release, delaying the public release to allow for corrections, and similar actions are at least as important,” Assistant Inspector General Jonathan Lasher told Scripps Howard.
Lasher said his office earlier issued a new review this year criticizing Social Security for not acting on its recommendations which “are based on concerns that more can be done.”
Pilcher, the Maryland dad, wants policy changes — and justice. Although federal authorities refuse to provide any details about who claimed Ava on their tax return — the IRS says it cannot divulge private information about anyone’s tax filings — Pilcher vowed to find the culprit.
“I don’t care how long it takes,” he said. “I’m going to find out who did it!”