Stephen Chapman has made a startling find regarding personal info. You need to read his article:

http://www.zdnet.com/blog/seo/beware-social-security-numbers-available-online-via-indexed-tax-documents/2819?tag=nl.e539

You think he’s a hacker? No… this was freely available using a simple browser and simple search questions:

“Sadly, the 50+ documents I have made note of do not even begin to scratch the surface of what is actually available out there between all the types of search engines there are these days. To note, the results of my investigation are primarily based on just two very simple Web queries using just one search engine. Additionally, I tried other specialized search engines just to see what kind of results they would yield and the results were dumbfounding. I didn’t take the time to sift through them simply because I didn’t have to.”

It’s tax season, and for that reason, I’m posting only the conclusions he came to (and these are excellent recommendations!) and remember, your kids’ and wife’s SS numbers (etc.) are available on the tax forms! Imagine the damage possible. The kids won’t discover it for years!

His conclusions:

“1 - DO NOT STORE PRIVATE INFORMATION ONLINE! That’s about as cut-and-dry as it gets.

2 - If you must store private information online, then enable authentication which requires you to log in prior to being able to see and download the contents of a directory. Additionally, password-protect your files and change or encrypt file names so that they cannot show up in searches related to their file names or provide intrigue for potential intruders (i.e. if someone is digging around for tax information on your site and they see a file called “Tax-Information-2011.ppsx”, then they’re most certainly going to be sure to check out that file).

3 - If you find your information has been indexed in a search engine, remove your file(s) immediately from your Web site, then contact the search engine to have both the indexed and cached results removed. Don’t just remove the file(s) from your site, because someone could still view a search engine-cached version of the file(s).

4 - To see if your information has been compromised, check any and all logs from your Web site dating back to the day you placed the file on your site. If you see download activity on your file(s) from an IP address you do not recognize, then there’s a good chance your personal information has been compromised. Acceptance will undoubtedly be difficult, but it’s necessary to move forward with preventing further damage.

5 - If you suspect you have become a victim of identity theft, it may behoove you to obtain a credit report, sign up for credit monitoring, and reach out to your local FBI branch to report any findings you may have with regards to your personal information being stolen and utilized.”