Identity Finder Twitter Giveaway

by Aaron Titus, Esq., Privacy Officer 20. April 2012 16:33

For a limited time, Identity Finder will be giving away free 3-month trials of its Identity Finder Professional Edition to our Twitter followers. We'll send out one or more tweets at random times between 9am and 5pm Eastern time each day, with a link to instructions on how to get the free trial. We'll send out a 1-hour warning stating the exact time the tweet will go out.

The link will take you to a service called se.cret.ly, which produces one-time-use-only links. This means that the first person to click on the link will receive the super-secret instructions, while subsequent clickers will see the error, "Sorry -- That link wasn't found!"

So, hop on Hootsuite (or the Twitter app of your choice), follow @identityfinder, and be the first to click to win a free copy of Identity Finder Pro!

Charities' Tax Returns Expose Social Security Numbers to Public

by Aaron Titus, Esq., Privacy Officer 9. April 2012 01:00

Identity Finder Scans Nearly 3 Million Public Non-Profit Tax Returns, Finds Almost 1/2 Million SSNs

Media Contact

Victoria Soltero
Identity Finder, LLC
+1-888-244-3790
vs990@identityfinder.com

New York, NY – April 9, 2012 – Identity Finder, LLC (http://www.identityfinder.com/) today released the most comprehensive analysis of sensitive information contained within public IRS Form 990 tax returns ever performed. Using the Identity Finder DLP 6.0 software, security researchers scanned 2,892,475 IRS Form 990s from tax years 2001 through 2006 for sensitive information such as social security numbers (SSNs).

The Form 990 is the tax return form for tax-exempt organizations such as public charities and private foundations. Even though SSNs are not required on Form 990, Identity Finder found that 132,362 charitable organizations published 472,866 SSNs, of which 171,005 were unique. Between 2001 and 2006, more than 18% of all non-profit organizations or their tax preparers published at least one SSN on their public tax return. In all, 287,238 Form 990 returns contained at least one SSN.

All Form 990s are "Open to Public Inspection," and are regularly published by the IRS and multiple third parties. High school and college scholarship recipients, tax preparers, directors, employees, trustees, and donors were the primary populations whose SSNs were exposed. At least 35% of the total SSNs belonged to tax preparers who identified themselves by their SSN instead of their Preparer Tax Identification Number (PTIN). Charitable organizations that believe they might have exposed SSNs on their Form 990s can use Identity Finder’s easy-to-use web tool to determine how many.

"Organizations and tax preparers must understand the risks of including social security numbers on public documents, such as the IRS 990 form," said Todd Feinman, CEO of Identity Finder. "Unlike a credit card number, social security numbers cannot easily be revoked. Given the risks of identity theft, tax preparers should avoid including SSNs on 990 forms."

Given it is currently tax season, Identity Finder issued the following guidance to individuals and charitable organizations in the report:

  • Nonprofit organizations who have published SSNs should warn those affected that they may be at increased risk of identity fraud.
  • Organizations should avoid placing personal information (especially SSNs) on public documents such as Form 990s and court documents.
  • College foundations should determine whether exposure of student PII on tax returns violates provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA).
  • Donors should not share their SSN with charities.
  • Scholarship applicants should review the most recent Form 990 of any foundation prior to applying to verify that they do not publish SSNs.
  • Individuals should always require any organization to justify a request for their SSN.
  • Tax preparers should provide their PTIN rather than their SSN on tax documents.
  • Tax preparers should ensure no PII is unnecessarily disclosed on IRS forms they approve.
  • The IRS should publish explicit guidance explaining that SSNs are not to be published on Form 990s.
  • The IRS and other stewards of past 990 filings should only provide redacted copies of the forms.
  • The IRS, courts, and private stewards of public documents should use data loss prevention and data discovery software such as Identity Finder to prevent the disclosure of PII on documents made public.

To download Identity Finder’s complete report and find out whether your organization published SSNs on its Form 990, visit http://www.identityfinder.com/990report.

SSNs Exposed, By State

The following table lists the approximate number of social security numbers leaked in Form 990s, based upon the headquarters of the public charity or private foundations whose Form 990 tax return contained SSNs. Because most nonprofit organizations provide a benefit to individuals within their state, this map is a good illustration of where most people whose SSN has been exposed live.

| State/Territory | SSNs | Rank |
| --- | --- | --- |
| Alabama | 6,195 | 19th |
| Alaska | 4,237 | 25th |
| American Samoa | 12 | 55th |
| Arizona | 3,151 | 36th |
| Arkansas | 4,169 | 26th |
| California | 23,044 | 2nd |
| Colorado | 3,737 | 31st |
| Connecticut | 4,518 | 23rd |
| Delaware | 1,134 | 49th |
| District of Columbia | 4,102 | 28th |
| Federated States of Micronesia | 1 | 57th |
| Florida | 17,708 | 5th |
| Georgia | 9,252 | 12th |
| Guam | 13 | 54th |
| Hawaii | 1,687 | 41st |
| Idaho | 4,055 | 29th |
| Illinois | 14,928 | 8th |
| Indiana | 6,407 | 17th |
| Iowa | 3,526 | 33rd |
| Kansas | 5,813 | 20th |
| Kentucky | 2,758 | 37th |
| Louisiana | 3,320 | 34th |
| Maine | 1,229 | 46th |
| Maryland | 4,716 | 21st |
| Massachusetts | 10,939 | 11th |
| Michigan | 7,916 | 14th |
| Minnesota | 4,579 | 22nd |
| Mississippi | 3,212 | 35th |
| Missouri | 7,600 | 15th |
| Montana | 1,164 | 48th |
| Nebraska | 1,562 | 43rd |
| Nevada | 1,564 | 42nd |
| New Hampshire | 2,107 | 39th |
| New Jersey | 7,565 | 16th |
| New Mexico | 1,846 | 40th |
| New York | 30,126 | 1st |
| North Carolina | 15,327 | 7th |
| North Dakota | 732 | 51st |
| Northern Mariana Islands | 9 | 56th |
| Ohio | 15,597 | 6th |
| Oklahoma | 3,830 | 30th |
| Oregon | 2,538 | 38th |
| Pennsylvania | 21,477 | 4th |
| Puerto Rico | 1,343 | 44th |
| Rhode Island | 8,483 | 13th |
| South Carolina | 4,127 | 27th |
| South Dakota | 629 | 52nd |
| Tennessee | 6,211 | 18th |
| Texas | 22,638 | 3rd |
| Utah | 1,270 | 45th |
| Vermont | 947 | 50th |
| Virgin Islands | 43 | 53rd |
| Virginia | 11,365 | 10th |
| Washington | 3,632 | 32nd |
| West Virginia | 4,259 | 24th |
| Wisconsin | 13,681 | 9th |
| Wyoming | 1,197 | 47th |

About Identity Finder

The company’s data discovery technology provides users the ability to prevent identity theft and data leakage. They are a leader in identity protection and data loss prevention (DLP). For more information, visit www.identityfinder.com.

New York Ironworks Hack May Expose Police Officers' Home Addresses

by Aaron Titus, Esq., Privacy Officer 20. March 2012 14:14

Identity Finder Releases Analysis of Thousands of Emails, Database Breach by Anonymous Hackers

On March 8, 2012 hackers from the Anonymous hacker collective and the AntiSec movement hacked into the website for New York Ironworks, a supplier of police tactical equipment. Hackers stole thousands of emails and the entire website database and posted the information in multiple locations online, in retaliation for recent high-profile FBI arrests of LulzSec and AntiSec hackers.

Identity Finder today released the following statistical analysis of the 150 MB breach, using the Identity Finder DLP Data Discovery software:

  • 150 MB of Data total, including a 101 MB Database for newyorkironworks.com
  • 3,581 Internal Customer Service, Sales, and Administrative Email Messages
  • Approximately 3,000 Domestic and International Shipping Addresses
  • 4,317 Unique Email addresses
  • 440 Usernames and Passwords
  • 2,368 Unique Phone Numbers
  • Details of More than 4,000 Orders
  • 1 Credit Card Number (Sent by a Florida man via email, not at the request of NY Ironworks)

Identity Finder’s analysis determined that many of the shipping addresses belong to residences or apartments. Because New York Ironworks sells primarily police tactical equipment, it is possible that many of the addresses could be the home addresses of police and other law enforcement agents. Publishing the home addresses for law enforcement officers, especially undercover agents, can pose a serious risk to the safety of the officers and their families. A sampling of the shipping addresses (Zip Code only) is below:

Todd Feinman, CEO of Identity Finder, said, "Companies must be proactive and protect their customers’ sensitive data. The only way to ensure that even the most successful hackers do not post your confidential files, is to clean unprotected copies of them off your storage devices in the first place." Software solutions such as Identity Finder DLP can automate the task by discovering personally identifiable information in files, emails, and servers, then providing data owners the ability to enforce protection.

"Customers of New York Ironworks should beware of phishing attacks which may come as unsolicited emails purporting to come from New York Ironworks, asking users to share personal information, including usernames and passwords," warned Identity Finder's Chief Privacy Officer, Aaron Titus. "Identity Finder recommends that individuals not click on links in unsolicited email. Also, never send your credit card information to anyone via email, even a reputable company." In December 2010, one Miami, Florida man emailed his credit card number to New York Ironworks' customer service department, probably against the advice of the company. The email with his name, address and credit card number remained in the Customer Service inbox until it was hacked and exposed online.

"Password re-use is another potential risk associated with this breach," warned Feinman. "Many people use the same email and password combination on multiple websites. If you were a New York Ironworks customer, we recommend you take some time to change your passwords on other sites."

The hack was announced through an Anonymous tweet. As of March 20, 2012, the website www.newyorkironworks.com remained offline. A New York Ironworks employee confirmed that they were aware of the hack, and were responding to it.

About

Identity Finder's technology provides users the ability to prevent identity theft and data leakage by searching and securing sensitive data that could be used to commit identity fraud. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free

Anonymous Dumps CSLEA and NY Law Enforcement Email, DB

by Aaron Titus, Esq., Privacy Officer 1. January 2012 19:03

Hackers identifying themselves with the Anonymous collective and AntiSec movement have posted several gigabytes of information online that appears to be internal emails and databases belonging to the California Statewide Law Enforcement Association (CSLEA) and New York law enforcement. We have not yet verified the data's contents, but the CSLEA website is currently down. If this breach turns out to be legitimate (and so far we have no reason to believe otherwise), it would constitute the most substantial hack against law enforcement in recent months.

Update: Identity Finder Releases New Analysis of Stratfor/Anonymous Breach; Warns Victims to Beware of Phishing and Change Passwords

by Aaron Titus, Esq., Privacy Officer 30. December 2011 10:11

UPDATE: Data Breach Now Affects More than ¾ Million people: 859,311 Email Addresses, 68,063 Credit Card Numbers, 50,618 Addresses, and 50,569 Phone Numbers

New York, NY – December 30, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted on December 29 by the hacking group Anonymous as a part of the AntiSec movement and "LulzXmas" operation. Late Thursday night the group distributed more than 200 MB of Stratfor user data on multiple public mirror websites. This latest dump claims to contain "75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor... [and] ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who's ever registered on Stratfor's site."

Identity Finder conducted an analysis on the most recently released files, which includes information previously released by Anonymous. Based upon Identity Finder's analysis, the files contain the following personally identifiable information:

  • 68,063 Unique Credit Card Numbers, of which approximately 36,000 have unexpired expiration dates. Note: Credit cards with expired expiration dates might still be valid, if they have since been renewed.
  • 859,311 Unique Email addresses.
  • 50,569 Phone Numbers.
  • 860,160 Hashed Passwords, of which roughly 11.8% could be easily cracked.
  • Average password length: 7.2 Characters.
  • 50,618 of the addresses belonged to United States victims; the remainder belonged to individuals from other parts of the world.

Identity Finder estimates that of the 860,000 people affected, about 7.9% have had a credit card exposed, while 11.8% could theoretically have a compromised password.

"Identity Finder cautions anyone affected by this breach to be on the lookout for 'phishing' emails," said Identity Finder's CEO, Todd Feinman. "Phishing is where an identity thief or fraudster sends an email that appears to be from Stratfor, but actually tricks them into visiting a malicious website that looks identical to Stratfor's site. We recommend that you do not click on any email links purporting to regard this breach."

Aaron Titus, Identity Finder’s Privacy Officer added, "Never give sensitive personal information online, unless you initiate the contact, and unless it is to a trusted party, over a secure (https) connection. Double-check the URL to make sure you recognize the domain before sharing login or personal information. If you use the same username/password combination at other sites (such as Gmail, Facebook, or an online banking site), we recommend you change those passwords immediately."

The breachers claim to be preparing to release 2.7 million internal Stratfor emails to the Internet soon, and threatened to attack "multiple law enforcement targets from coast to coast" on New Year's Eve.

About

Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free

More Stratfor Accounts Reportedly Leaked

by Aaron Titus, Esq., Privacy Officer 29. December 2011 23:53

Update 12/30 12:18AM: At this point we can confirm that breachers have posted files online that appear to contain in excess of 860,000 accounts, and far fewer credit card numbers; however, we have not yet checked the file for duplicates.

As a part of "LulzXmas," breachers are reporting that 860,000 Stratfor accounts have been leaked, including "75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor."  Identity Finder is in the process of analyzing the data and will issue a formal report as soon as possible.

We still have not seen the 2.7 million emails breachers claim to have.

Identity Finder Releases Detailed Analysis of Personal Information ‘Anonymous’ Attack on specialforces.com

by Aaron Titus, Esq., Privacy Officer 28. December 2011 12:33

Breacher Data Dump Affects 40,000 people; 7,277 Credit Card Numbers, 36,368 Passwords, and 40,854 Email addresses.

New York, NY – December 28, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by data breachers who are part of the hacking group Anonymous, after an apparently successful attack on the military and law enforcement gear distributor, Specialforces.com. According to their website, "Special Forces Gear offers a great selection of Military, Special Operations and Law Enforcement gear along with a unique T Shirt and gifts line catering to large and small units designed to help boost morale."

According to the breachers, "SpecialForces.com DID store their customers’ credit card information using blowfish encryption... Nevertheless, our voodoo prevailed and we were quickly able to break back into the military supplier’s server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers’ cards. That’s how we roll." Identity Finder contacted Special Forces to make them aware of the most recent breach, as well as a similar breach earlier this month. Special Forces staff also reported a breach approximately six months ago.

In the most recent data loss, the breachers have released personal information for specialforces.com users. Based upon Identity Finder's analysis, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:

  • 7,277 Unique Credit Card Numbers
  • 68,830 Email addresses, of which 40,854 are unique.
  • 36,368 Plain-text usernames and passwords, some of which might be duplicates. The breachers claim to have "approximately 14,000 passwords."
    • 61.5% were weak
    • 31.2% were medium strength
    • 7.3% were strong
    • Average password length: 7.9 Characters.
    • 9% of passwords were less than 6 characters long.
    • 8.2% of passwords were more than 10 characters long.

"Given the proximity to other recent high-profile breaches, specialforces.com customers face increased risk of identity and credit card fraud," said Identity Finder's CEO, Todd Feinman. "Identity Finder is committed to helping companies prevent breaches like this from happening in the future. This is the latest data leak by 'breachers' who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target."

Aaron Titus, Identity Finder’s Privacy Officer added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."

The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual.

Specialforces.com Breach Analysis

by Aaron Titus, Esq., Privacy Officer 28. December 2011 09:27

Update: December 28, 2011 12:00PM Eastern

We'll be issuing a complete analysis soon, but it appears that the breach affects approximately 40,000 people, including roughly 7,000 credit card numbers. We've notified specialforces.com.

Original Post:

Last night Identity Finder became aware of a breach of Specialforces.com, purportedly including names, email addresses, passwords and credit card numbers. This follows a breach of a similar nature on the same website earlier this month. Identity Finder contacted Specialforces.com on December 14th and again today to alert them to the breaches.

We are performing a detailed analysis of the breached information, but so far it appears that the breachers have posted thousands of credit card numbers, email addresses, and passwords. We will post more information here as it becomes available.

Identity Finder Releases Detailed Analysis of Personal Information ‘Anonymous’ Attack on Stratfor

by Aaron Titus, Esq., Privacy Officer 27. December 2011 14:37

UPDATED ANALYSIS: Stratfor Breach Affects 860,000 (Dec. 30, 2011)

Data Breach Affects 50,000 people; 50,277 Credit Card Numbers, 44,188 Hashed Passwords, 47,680 E-Mail addresses.

New York, NY – December 27, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by the hacking group Anonymous as a part of the AntiSec movement, after an apparently successful attack on the intelligence company Stratfor. The hackers/breachers have released personal information for Stratfor subscribers whose first names begin with A through M; presumably N through Z will be released in the coming days. Breachers have also claimed to have copied 2.7 million emails which have yet to be released. Based upon Identity Finder's analysis, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:

  • 50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired. Note: Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
  • 86,594 Email addresses, of which 47,680 are unique.
  • 27,537 Phone Numbers, of which 25,680 are unique.
  • 44,188 Hashed Passwords, of which roughly 50% could be easily cracked.
    • 73.7% of cracked passwords were weak
    • 21.7% of cracked passwords were medium strength
    • 4.6% of cracked passwords were strong
    • Average cracked password length: 7.1 Characters.
    • 10% of cracked passwords were less than 5 characters long.
    • Only 4.8% of cracked passwords were 10+ characters long.
    • Presumably the remaining uncracked passwords were stronger than the cracked subset.
  • 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.

"Credit card fraud has already been well-documented in this incident," said Identity Finder's CEO, Todd Feinman. "This is the latest data leak by 'breachers' who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target."

Aaron Titus, Identity Finder’s Privacy Officer added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."

The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual.

Stratfor Analysis

by Aaron Titus, Esq., Privacy Officer 26. December 2011 16:05

Update: December 27, 2011 8:00AM Eastern

We continue to monitor the Stratfor breach. At this point, hackers claim to have released names beginning with A-M, or roughly 50,000 records, with more likely on the way. We have analyzed the data released so far and have these updated numbers to report:

  • Unique Credit Card Numbers: 50,277
  • Unique Email Addresses: 47,680
  • Unique Telephone Numbers: 25,680

The hackers claim to have 2.7 million internal Stratfor emails, which Identity Finder will also analyze for sensitive personal information, if released.

Original Post

Identity Finder has been monitoring the Stratfor breach very carefully over the past 24 hours, and will continue to do so until the Anonymous hackers have released all of the stratfor.com information.  Identity Finder has analyzed approximately 20,000 records, and here's what we can confirm so far:

  • Unique Credit Card Numbers: 21,605
  • Unique Phone Numbers: 7,568
  • Unique Email Addresses: 20,198

We expect these numbers to increase substantially in the coming hours and days.

Based upon a random sampling of 1% of the password hashes, we discovered that 59.3% of them were easily cracked using free, public tools.

Stratfor could have prevented this breach in numerous ways. One way they could have prevented the breach was to run Identity Finder against their databases to discover unencrypted credit card data, and protect the information.
