NEW YORK, April 9, 2012 /PRNewswire/ -- Identity Finder, LLC (http://www.identityfinder.com) today released the most comprehensive analysis of sensitive information contained within public IRS Form 990 tax returns ever performed. Using the Identity Finder DLP 6.0 software, security researches searched 2,892,475 IRS Form 990s from tax years 2001 through 2006 for personally identifiable information such as social security numbers (SSNs).
The Form 990 is the tax return form for tax-exempt organizations such as public charities and private foundations. Even though SSNs are not generally required on a Form 990, Identity Finder found that 132,362 organizations published 472,866 SSNs, of which 171,005 were unique. Between 2001 and 2006, more than 18% of all non-profit organizations or their tax preparers published at least one SSN on their public tax return. In all, 287,238 Form 990 returns contained at least one SSN.
All Form 990s are "Open to Public Inspection," and are regularly published by the IRS and multiple third parties. High school and college scholarship recipients, tax preparers, directors, employees, trustees, and donors were the primary populations whose SSNs were exposed. At least 35% of the total SSNs belonged to tax preparers who identified themselves by their SSN instead of Preparer Tax Identification Number (PTIN). Charitable organizations who believe they might have exposed SSNs on their Form 990s may find out more information by using Identity Finder's easy-to-use web tool to determine how many.
"Organizations and tax preparers must understand the risks of including social security numbers on public documents, such as the IRS 990 form," said Todd Feinman, CEO of Identity Finder. "Unlike a credit card number, social security numbers cannot easily be revoked. Given the seriousness and ubiquity of identity fraud, tax preparers should avoid including SSNs on Form 990s."
Given that it is currently tax season, Identity Finder issued the following guidance to individuals and charitable organizations:
- Nonprofit organizations who have published SSNs should warn those affected that they may be at increased risk of identity fraud.
- Organizations should avoid placing personal information (especially SSNs) on public documents such as Form 990s and court documents.
- College foundations should determine whether exposure of student PII on tax returns violates provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA).
- Donors should not share their SSN with charities.
- Scholarship applicants should review the most recent Form 990 of any foundation prior to applying to verify that they do not publish SSNs.
- Individuals should always require any organization to justify a request for his or her SSN.
- Tax preparers should provide their PTIN rather than their SSN on tax documents.
- Tax preparers should ensure no PII is unnecessarily disclosed on IRS forms they approve.
- The IRS should publish explicit guidance explaining that SSNs are not to be published on Form 990s.
- The IRS and other stewards of past 990 filings should only provide redacted copies of the forms.
- The IRS, courts, and private stewards of public documents should use data loss prevention and data discovery software such as Identity Finder to prevent the disclosure of PII on documents made public.
To download Identity Finder's complete report and find out whether your organization published SSNs on its Form 990, visit http://www.identityfinder.com/990report.
About Identity Finder
The company's data discovery technology provides users the ability to prevent identity theft and data leakage. They are a leader in identity protection and data loss prevention (DLP). For more information, visit http://www.identityfinder.com.
Identity Finder, LLC
SOURCE Identity Finder, LLC