Report: Nonprofits Inadvertently Expose 630K Social Security Numbers
Tax filing season is here, which means identity thieves are on the prowl looking to get their hands on the personal information that’s readily available on your tax return. Even if you’ve been diligent with protecting your information, that doesn’t mean others have been as protective.
According to Identity Finder, several nonprofit organizations have inadvertently published more than half a million Social Security numbers in the public domain in the last decade.
Identity Finder analyzed more than 3.8 million tax returns from non-profit organizations, and found that 630,000 Social Security Numbers are currently living online from filings dating back to 2001. The report says that these individuals now face the prospect of living the rest of their lives at risk for identity theft and fraud.
Nonprofits have to file Form 990 for each person they give money to every year. These forms contain the recipient’s personal information in many cases, and are legally required to be made available to the public. Identity Finder reports that more than 130,000 nonprofits have filed these forms since 2001 for money given to high school and college scholarship recipients, board members, employees and in rare cases, even donors, that include their Social Security Numbers instead of their Preparer Tax Identification Number (PTIN).
When Identity Finder notified the IRS of the problem, the agency reportedly said “there is low risk of SSNs being improperly included in new Form 990s filings,” the report states. The agency also reportedly promised to “aggressively reach out to remind exempt organizations not to include SSNs or other unneeded personal information on the filings,” in the future.
Todd Feinman, CEO of Identity Finder, says the IRS could have prevented exposing people’s information by redacting these forms, even though they are available to the public.
While the number of exposed numbers, 630,000, is small relative to the total amount of returns filed every year, Feinman says it’s still problematic.
“[The IRS] says this is low-risk...which is true, it is a small number. But identity theft is a costly thing for victims.”
The massive data breach at Target (NYSE:TGT) over the holiday shopping season hit 70 million customers, and Feinman says companies and nonprofits seem to not have a “good enough insight” into what sensitive data is and how to protect it.
“Nonprofits could have prevented this with better procedures, and not having these Social Security numbers show up on returns,” he says.
Those who may be concerned that their personal information may have been included on a nonprofit tax filing form can check anonymously online at Identity Find, Feinman says. Many identity thieves mine data and save it for an opportune time, he adds. This means if a student received a scholarship 10 years ago, he or she may be more prone to identity theft as an adult.
“Forty-years-old is the prime time to start having your identity stolen, and identity thieves will harvest your information and hang onto it to use later,” he says. “The message in this report is clearly that organizations, in light of all of the things that are happening now, should do more to make sure this doesn’t happen again. And with tax season coming up, accountants need to be much more aware.”