Washington, DC- Today, U.S. Senator Bob Casey (D-PA) announced that the recently announced budget agreement contains provisions to crackdown on identity theft. In 2012, Casey exposed lax federal rules that allowed identity thieves to obtain recently deceased Americans’ Social Security numbers for as little as $10. Identity thieves could obtain the Social Security numbers through the so called ‘Death Master List,’ which listed the personal information of the recently deceased, allowing would-be identity thieves to assume the identities of recently deceased persons and wreak havoc on their families. The budget agreement will empower the Secretary of Commerce to restrict access to the Death Master file and better protect the identities of recently deceased persons.
“The passing on of a loved one is a significant hardship for a family to deal with that shouldn’t be compounded by the threat of identity theft,” Senator Casey said. “This is a significant step forward that will protect the identities of the recently deceased and will work to ensure that their families are not preyed upon by criminals.”
Death Master File
In 1980, SSA entered into a consent agreement to release death information following a Freedom of Information Act lawsuit. This information is available to purchase online through the Department of Commerce. The database contains much of the information needed to steal someone’s identity; it includes the full name, Social Security Number, date of birth, and date of death of deceased citizens and legal residents. The records of a single individual can be purchased for as little as $10, and the entire database is available for around $2,000. The information has important legitimate uses; the financial community, insurance companies, security firms, and state and local governments all use the death master file to match records and prevent identity theft. However it has also allowed criminals to file fraudulent tax returns.
Section 203 of the budget would establish a program under which the Secretary of Commerce restricts access to the information contained on the Death Master File (DMF) for a three-year period beginning on the date of the individual’s death, except to those who are certified under a program to be established by the Secretary of Commerce. Under the program, those who have a fraud prevention interest or other legitimate need for the information and agree to maintain the information under safeguards similar to those required of Federal agencies that receive return information, as described in section 6103(p)(4) of title 26 of the United States Code, may apply for certification. The Secretary of Commerce reviews the eligibility of applicants, examines safeguards for protecting the information and conducts audits of certified entities to assure compliance with safeguards.
Data from the death master file allows perpetrators to file fraudulent returns impersonating a deceased taxpayer. A recent audit of the 2011 tax year identified 19,000 fraudulent returns from recently deceased taxpayers. Many additional fraudulent returns from deceased taxpayers may go undetected since no legitimate taxpayer may ever attempt to file again with the decedent’s Social Security Number.
These returns contribute to the growing problem of identity theft in tax fraud. Overall, the IRS reports that they identified over 1.2 million identity theft returns in 2012 and as of June had identified 1.6 million this year. However, these figures only represent the returns the IRS was able to identify, so the actual figure is likely much higher. In a September 2013 audit report, the Treasury Inspector General for Tax Administration estimated that the IRS issued approximately $3.6 billion in fraudulent tax refunds resulting from identity theft in 2011 alone.
Under the budget provision, a penalty of $1,000 for each disclosure or misuse of the information is imposed on any persons who improperly disclose the DMF information. A certified person in receipt of DMF information is responsible for any subsequent disclosure of such information. Even if the initial disclosure to a third party is appropriate, if that third party subsequently improperly discloses the information, the certified person is deemed to have also improperly disclosed the information. Thus, in a case in which the improper disclosure is made by a third party who received the information from a certified person, both the certified person and the person who improperly disclosed the information are subject to the penalty. The penalty may not exceed $250,000 per person for any calendar year, except in the case of willful disclosure. In such cases, the penalty is not limited.
The full text of Casey’s 2012 letter to the Office of Management and Budget and the Social Security Administration can be seen below:
July 19, 2012
The Honorable Michael J. Astrue
Commissioner of Social Security
The Honorable Jeffrey D. Zients
The Office of Management and Budget
Dear Mr. Astrue and Mr. Zients:
I am writing to urge you to move forward with proposed changes to the Social Security Administration’s policy on the release of the so-called “death master file,” and provide regular updates on its implementation. This document contains the Social Security Numbers and other vital information of deceased citizens and legal residents. As you know, the public release of this information has contributed to the troubling problem of identity theft in tax returns.
The accessibility of the death master file appears to be inadvertently facilitating tax fraud. While the information released in this file has important legitimate uses, it has also been used to file fraudulent tax returns under the names of deceased taxpayers. For $10, an individual can purchase the full name, Social Security Number, date of birth, and date of death of a deceased citizen or legal resident—the information needed to steal an identity and defraud the government or private businesses. This theft of deceased taxpayers’ identities has grown into a serious problem. This year, as of March 2012, the IRS has identified 66,000 tax returns of recently deceased taxpayers that are likely fraudulent. This fraud not only takes revenue from the government, but it also forces families that have just lost a loved one to confront the ordeal of resolving this identity theft. These families often have no idea that their loved ones’ personal information had been put on sale by the federal government.
The use of identity theft to file fraudulent returns has grown substantially. According to the Internal Revenue Service (IRS), last year over 1.3 million identity theft returns were detected and stopped from processing. The most recent data from March 2012 indicates that this year the IRS had already identified more than 720,000 identity theft returns. These numbers only represent returns that were detected by the IRS during processing. The number of overall identity theft returns is much greater because in many cases, the identity theft is not discovered until the legitimate taxpayer attempts to file. For taxpayers who do not have a filing requirement, the identity theft and corresponding revenue loss may not be discovered at all. Identity theft of deceased taxpayers is a significant part of this problem and has been exacerbated by the release of the death master file.
Over the past few years, the IRS has taken significant steps to address fraudulent returns. It has improved its processing system for tax returns, using filters to detect fraud before a refund is issued. The IRS has also stepped up its criminal prosecutions and established a program to use information received from other law enforcement agencies to flag taxpayers whose identities are known to have been stolen. Nevertheless, identity theft continues to cost taxpayers billions of dollars every year.
It is our understanding that the Office of Management and Budget is currently reviewing a proposal by the Social Security Administration to restrict the release of the death master file to entities that have both a legitimate need for these data and the capabilities to secure the information. I request that you provide the status of this proposal, a list of any impediments to moving forward with the proposal and a timeline for implementation.
Identity theft creates a significant hardship for many American families, and robs our Nation of taxpayer dollars at a time when we face serious fiscal challenges. Addressing this issue will require a significant, coordinated effort. Preventing the widespread publication of deceased citizens’ vital records is an important first step with broad support. I urge you to limit access to the death master file as soon as possible.
Robert P. Casey, Jr.
United States Senator