IE 11 is not supported. For an optimal experience visit our site on another browser.

Finally, warnings about shared SSNs

Every year, millions of Social Security numbers are "shared" by more than one taxpayer. Government agencies that collect taxes, like the Social Security Administration, spot this immediately. Sometimes it's an innocent mistake; sometimes, it's identity theft. But no one ever tells the victims.

That is, not until now.

A pilot project in Utah aims to warn consumers that someone else is paying state taxes using their Social Security number. Two years in the making, it is believed to be the first such project in the nation. The first “Dear Victim” letters, about 100, started arriving this week.

"We felt as their government that we had a duty to inform the victims so they can take proactive action," said Rich Hamp, assistant attorney general in Utah, who spearheaded the program.

Telling consumers that their Social Security number is being used by someone else might seem a simple proposition. But it’s not.

The Utah project began in 2005, when Hamp's office was researching child identity theft. Working with the Utah Department of Workforce Services, which collects state employment taxes, Hamp learned the agency could cross-reference its public assistance data with its employment tax data and find Social Security numbers that were being used to double-dip. The search also unearthed thousands of numbers belonging to children receiving state benefits that were being used by adults earning money and paying taxes. The adults and the kids were essentially sharing Social Security numbers.

Why? There’s no way to know without interviewing every victim. But Hamp believes many of those children are victims of identity theft. Many of the imposters, Hamp believes, are illegal immigrants who provide someone else’s Social Security number in order to get a job.

It’s possible for a victim to “share” a Social Security number with an immigrant and face no ill effects. Many illegal immigrants don’t steal credit or do anything else that harms the victim’s credit report. But often, they share these numbers with other family members – many victims report they have 5 or 10 imposters. Any one of them may ultimately run into financial or legal trouble that could ultimately be intermingled with the victim’s identity. In one extreme example, a Bank of America customer named Margaret Harrison received a debit card with her name, but her immigrant imposter's face.

The problem is widespread. Each year, near 10 million people around the country pay their Social Security taxes using the wrong number, according to the Social Security Administration. In many of these cases, identity sharing – sometimes called SSN-only identity theft – is the cause. While Social Security has never examined the issue in detail, several indicators suggest many of the workers on the list are illegal immigrants, an issue we examined in-depth in “The Secret List of Identity Theft Victims.”

$500 billion of earnings in limbo

When someone pays federal taxes using the wrong number, these "no-match" situations are flagged immediately by Social Security. When taxes are paid by a worker who is not the rightful holder of a Social Security number, the government sets the wage credits aside into what's called an "Earnings Suspense File." That file now holds more than $500 billion in uncredited earnings.

But the consumers involved are not notified that their Social Security number is being used by someone else.

Utah officials plan to change that, at least among state residents. Hamp's database merge produced a similar no-match list using available state records. In all, that data coughed up 20,000 numbers that were being used by multiple people, including 4,000 residents under 12 years old.

When the list of "shared" Social Security numbers was developed, the attorney general's office planned to notify children and their parents immediately. But a state law – the Employment Security Act -- stymied their efforts. It actually prevents the Department of Workforce Services from releasing any taxpayer information it collects to the public – even to the rightful owners of the information.

But Hamp and attorney general Mark Shurtleff didn’t want to stop there.

“The attorney general’s office was uncomfortable that we knew 20,000 individuals whose names and numbers were compromised, and we needed to tell them,” Hamp said. So Shurtleff went to state legislators looking for a solution, and earlier this year the Employment Security Act was amended. Now, the agency can disclose Social Security mismatch information to consumers and to law enforcement agencies.

The new law took affect on April 30.

But there were still obstacles to sending out thousands of identity theft warning notices. Chief among them: Who would handle the inevitable flood of phone calls from victims who receive letters indicating they are likely victims of identity theft?

“The question is how do we notify people without clogging everyone's phone lines, without starting panic?” Hamp said.

Random sample, to start

The attorney general's office has set up a special Web site nicknamed IRIS (Identity Theft Reporting System) for victims who receive the letters. It provides necessary forms for them to file police reports and request fraud alerts and credit freezes from the credit reporting agencies.

Still, there were concerns that the “Dear Victim” letters could produce a much more emotional response.

So the Department of Workforce Services has decided to limit its initial letter-writing effort to 100 randomly selected victims, said agency spokesman Mike Richardson.

Agency employees searched for children aged 14 and under with quarterly earnings of $1,000 or more, then manually reviewed their files to pick out the most likely identity theft victims.

"We're doing it in a methodical way, so letters only go out to cases we're most concerned about," he said. The letters will direct victims to register at the IRIS Web site and begin the necessary paperwork.

While some might already know they are victims of identity theft, others likely have no indications they are sharing their identity. Accounts opened by imposters using SSN-only identity theft generally don’t show up on credit reports or Social Security wage earning reports.

There is no guarantee that the letter recipients are really victims of identity theft by undocumented workers. Some children might be legitimately working, Richardson said. Some might be in the data by accident. Others might be victims of family identity theft -- parents sometimes use their children's Social Security numbers to shed bad credit reports, for example. Because the letters are going to parents, it's not likely authorities will hear back from those victims. And genuine victims might not react with as much alarm as some are predicting. Still, the agency didn’t want to send out 20,000 notices and risk receiving 20,000 phone calls all at once.

"We will see what we get,” Richardson said. “If all 100 (respond) and the attorney general's office is overwhelmed, that gives us an idea. If only 2 or 3 come back, then this might be workable."

At any rate, officials in Washington D.C. should watch Utah's effort closely. This experiment in government honesty -- we know you might be a victim, so we'll tell you -- could very well be a model for the Social Security Administration. will track the Utah program and report back to you on its success or failure.


Consumers who learn they are sharing their Social Security number with another worker have little recourse. They should place fraud alerts or security freezes on their credit reports, even if no illegal activity is apparent. An imposter who uses someone else’s number solely for work purposes may one day run into financial trouble and be tempted to commit financial identity theft.

Checking annual Social Security earnings reports for mistakes is a good idea – particularly if you are not getting credit for your earnings. But SSN-only identity theft will not appear on this report, because only wages reported using the correct name and number are credited to your account.

Most consumers discover SSN-only identity theft by accident: A surprise denial when applying for unemployment benefits, for example, or a funny look or question from a bank teller when opening a new account (“Hmm, do you live in San Antonio, Texas?”). That might be a sign someone else has opened an account in your name at your bank or has given an employer your number somewhere else in the country. While these institutions are not legally required to share the bad news they see on their computer screens with you, many tellers and government employees will tell you informally. Don’t leave and call a company official later; that official is less likely to be forthcoming.