{ "id": "NP-16-government-id-protection-285-entity-types", "type": "case-study", "title": "Government ID Protection: 285+ Entity Types Including National Identifiers", "description": "Detecting government IDs (passports, SSN, driver's licenses) across 48 languages and 25+ countries. 285+ entity types for comprehensive identity protection.", "url": "https://anonym.community/anonym.legal/NP-16-government-id-protection-285-entity-types.html", "product": "anonym.legal", "driver": { "id": null, "name": "" }, "breadcrumbs": [ { "label": "Dashboard", "url": "https://anonym.community/../dashboard.html" }, { "label": "anonym.legal", "url": "https://anonym.community/index.html" } ], "content": { "sections": [ { "type": "summary", "heading": "Research Source", "content": "anonym.community March 2026 crawl\n\nA breach of Discord's Persona identity verification service exposed approximately 70,000 government-issued IDs including passports, driver's licenses, and national identity cards. Users had submitted these documents for age verification and identity confirmation. The breach highlights the risk of centralized government ID storage and the need for PII detection systems that can identify government document numbers, names, dates of birth, and document-specific identifiers across international formats." }, { "type": "summary", "heading": "Executive Summary", "content": "A breach exposing 70,000 government IDs demonstrates the risk of storing identity documents. Government IDs contain the most sensitive PII categories — full legal names, dates of birth, government-issued numbers, photos, and addresses. Detecting and anonymizing government ID data before storage or transmission is critical.\n\nanonym.legal detects 285+ entity types including government IDs from 25+ countries: passport numbers, Social Security numbers, driver's license numbers, national ID numbers, tax identification numbers, and country-specific formats." }, { "type": "problem", "heading": "The Problem: Government ID Data is Maximum-Impact PII", "content": "Government-issued IDs are the highest-value target for identity theft. Unlike email addresses or phone numbers, a compromised passport number or Social Security number cannot be easily changed. Government IDs are permanent or semi-permanent identifiers tied to a person's legal identity. When breached, they enable identity fraud, financial fraud, immigration fraud, and tax fraud. The Persona breach exposed IDs from multiple countries, each with different formats: US Social Security numbers (9 digits, NNN-NN-NNNN), German Personalausweis (10 alphanumeric), French CNI (12 digits), Brazilian CPF (11 digits with check digits), Indian Aadhaar (12 digits with Verhoeff checksum), and dozens more.\n\nIrreducible truth: Government ID numbers are the PII category with the highest impact and lowest replaceability. A compromised SSN affects a person for life. Any system that processes documents containing government IDs must detect and protect these numbers with the highest priority.", "atomicTruth": "Irreducible truth: Government ID numbers are the PII category with the highest impact and lowest replaceability. A compromised SSN affects a person for life. Any system that processes documents containing government IDs must detect and protect these numbers with the highest priority." }, { "type": "solution", "heading": "The Solution: How anonym.legal Addresses This", "content": "anonym.legal detects government ID formats from 25+ countries including: US (SSN, driver's license, passport), Germany (Personalausweis, Reisepass, Steuer-ID), France (CNI, passport, NIF), Brazil (CPF, CNPJ), India (Aadhaar, PAN), Japan (My Number), South Korea (RRN), UK (NIN, NHS), Italy (Codice Fiscale), Spain (DNI/NIE), and more. Each recognizer uses format-specific validation including checksums (Luhn, Verhoeff, modulus) to minimize false positives.\n\nGovernment IDs appear in documents written in many languages. A German Personalausweis number might appear in an English business email, a Turkish contract, or a Japanese correspondence. anonym.legal's 48-language NER detects the surrounding context (names, addresses, dates) in each language while pattern recognizers identify the ID number format regardless of document language.\n\nGovernment IDs can be anonymized using any of 5 methods: Redact (complete removal), Replace (e.g., SSN → [SSN_1]), Mask (e.g., ***-**-6789), Hash (SHA-256 for irreversible de-identification), or Encrypt (AES-256-GCM for authorized recovery). For legal/compliance workflows, Encrypt preserves the ability to recover the original value." }, { "type": "compliance", "heading": "Compliance Mapping", "content": "This pain point intersects with GDPR Article 87 (national identification numbers), GDPR Article 9 (special categories — biometric data in photos), PCI-DSS (government IDs used for identity verification), and country-specific laws (US Privacy Act, German BDSG §22, India DPDP Act 2023). Government ID protection requires both broad entity coverage and country-specific format validation.\n\nanonym.legal's GDPR, HIPAA, PCI-DSS, ISO 27001 compliance coverage, combined with Hetzner Germany, ISO 27001 hosting, provides documented technical measures organizations can reference in their compliance documentation." }, { "type": "specifications", "heading": "Product Specifications", "specs": { "Entity Types": "285+", "Detection": "3-layer hybrid: Presidio + NLP + Stance classification", "Test Coverage": "100% (419/419 tests)", "Languages": "48", "Anonymization Methods": "Replace, Redact, Mask, Hash (SHA-256/512), Encrypt (AES-256-GCM)", "Platforms": "Web App, Desktop, Office Add-in, Chrome Extension, MCP Server, REST API", "Pricing": "Free €0, Basic €3, Pro €15, Business €29", "Hosting": "Hetzner Germany, ISO 27001", "Compliance": "GDPR, HIPAA, PCI-DSS, ISO 27001" } } ] }, "relatedLinks": [ { "label": "NP-01: Browser-Level PII Anonymization for AI Chat", "url": "NP-01-browser-pii-anonymization-chrome-extension-ai-chat.html" }, { "label": "NP-02: Discord E2EE Text Gap: PII Anonymization", "url": "NP-02-discord-e2ee-text-gap-pii-anonymization.html" }, { "label": "NP-04: Securing MCP Servers for PII Processing", "url": "NP-04-mcp-server-security-pii-processing.html" }, { "label": "NP-05: Anonymize Code Context Before AI Processing", "url": "NP-05-cursor-ide-privacy-mode-anonymize-code-context.html" }, { "label": "NP-08: Blocking vs. Anonymization: Nightfall DLP", "url": "NP-08-blocking-vs-anonymization-nightfall-dlp.html" }, { "label": "NP-10: Reversible Encryption for LLM Workflows", "url": "NP-10-reversible-encryption-llm-workflows-production.html" }, { "label": "anonymize.solutions Case Studies", "url": "../anonymize.solutions/index.html" }, { "label": "cloak.business Case Studies", "url": "../cloak.business/index.html" }, { "label": "anonym.plus Case Studies", "url": "../anonym.plus/index.html" }, { "label": "Back to anonym.legal Index", "url": "index.html" }, { "label": "Structural Analysis", "url": "../structural-analysis.html" }, { "label": "Dashboard", "url": "../dashboard.html" }, { "label": "Solution Finder", "url": "../solution-finder.html" }, { "label": "Coverage Matrix", "url": "../comparison.html" }, { "label": "PII Scanner", "url": "../scanner.html" } ], "metadata": { "lastModified": "2026-03-14" } }