Identity Finder Scans Nearly 3 Million Public Non-Profit Tax Returns, Finds Almost 1/2 Million SSNs
Media Contact
Victoria Soltero
Identity Finder, LLC
+1-888-244-3790
vs990@identityfinder.com
New York, NY – April 9, 2012 – Identity Finder, LLC (http://www.identityfinder.com/) today released the most comprehensive analysis of sensitive information contained within public IRS Form 990 tax returns ever performed. Using the Identity Finder DLP 6.0 software, security researches scanned 2,892,475 IRS Form 990s from tax years 2001 through 2006 for sensitive information such as social security numbers (SSNs).
The Form 990 is the tax return form for tax-exempt organizations such as public charities and private foundations. Even though SSNs are not required on Form 990, Identity Finder found that 132,362 charitable organizations published 472,866 SSNs, of which 171,005 were unique. Between 2001 and 2006, more than 18% of all non-profit organizations or their tax preparers published at least one SSN on their public tax return. In all, 287,238 Form 990 returns contained at least one SSN.
All Form 990s are "Open to Public Inspection," and are regularly published by the IRS and multiple third parties. High school and college scholarship recipients, tax preparers, directors, employees, trustees, and donors were the primary populations whose SSNs were exposed. At least 35% of the total SSNs belonged to tax preparers who identified themselves by their SSN instead of Preparer Tax Identification Number (PTIN). Charitable organizations who believe they might have exposed SSNs on their Form 990s may find out by using Identity Finder’s easy-to-use web tool to determine how many.
"Organizations and tax preparers must understand the risks of including social security numbers on public documents, such as the IRS 990 form," said Todd Feinman, CEO of Identity Finder. "Unlike a credit card number, social security numbers cannot easily be revoked. Given the risks of identity theft, tax preparers should avoid including SSNs on 990 forms."
Given it is currently tax season, Identity Finder issued the following guidance to individuals and charitable organizations in the report:
- Nonprofit organizations who have published SSNs should warn those affected that they may be at increased risk of identity fraud.
- Organizations should avoid placing personal information (especially SSNs) on public documents such as Form 990s and court documents.
- College foundations should determine whether exposure of student PII on tax returns violates provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA).
- Donors should not share their SSN with charities.
- Scholarship applicants should review the most recent Form 990 of any foundation prior to applying to verify that they do not publish SSNs.
- Individuals should always require any organization to justify a request for his or her SSN.
- Tax preparers should provide their PTIN rather than their SSN on tax documents.
- Tax preparers should ensure no PII is unnecessarily disclosed on IRS forms they approve.
- The IRS should publish explicit guidance explaining that SSNs are not to be published on Form 990s.
- The IRS and other stewards of past 990 filings should only provide redacted copies of the forms.
- The IRS, courts, and private stewards of public documents should use data loss prevention and data discovery software such as Identity Finder to prevent the disclosure of PII on documents made public.
To download Identity Finder’s complete report and find out whether your organization published SSNs on its Form 990, visit http://www.identityfinder.com/990report.
SSNs Exposed, By State
The following table lists the approximate number of social security numbers leaked in Form 990s, based upon the headquarters of the public charity or private foundations whose Form 990 tax return contained SSNs. Because most nonprofit organizations provide a benefit to individuals within their state, this map is a good illustration of where most people whose SSN has been exposed live.
| State/Territory | SSNs | Rank |
| Alabama |
6,195 |
19th |
| Alaska |
4,237 |
25th |
| American Samoa |
12 |
55th |
| Arizona |
3,151 |
36th |
| Arkansas |
4,169 |
26th |
| California |
23,044 |
2nd |
| Colorado |
3,737 |
31st |
| Connecticut |
4,518 |
23rd |
| Delaware |
1,134 |
49th |
| District of Columbia |
4,102 |
28th |
| Federated States of Micronesia |
1 |
57th |
| Florida |
17,708 |
5th |
| Georgia |
9,252 |
12th |
| Guam |
13 |
54th |
| Hawaii |
1,687 |
41st |
| Idaho |
4,055 |
29th |
| Illinois |
14,928 |
8th |
| Indiana |
6,407 |
17th |
| Iowa |
3,526 |
33rd |
| Kansas |
5,813 |
20th |
| Kentucky |
2,758 |
37th |
| Louisiana |
3,320 |
34th |
| Maine |
1,229 |
46th |
| Maryland |
4,716 |
21st |
| Massachusetts |
10,939 |
11th |
| Michigan |
7,916 |
14th |
| Minnesota |
4,579 |
22nd |
| Mississippi |
3,212 |
35th |
| Missouri |
7,600 |
15th |
| Montana |
1,164 |
48th |
| Nebraska |
1,562 |
43rd |
| Nevada |
1,564 |
42nd |
| New Hampshire |
2,107 |
39th |
| New Jersey |
7,565 |
16th |
| New Mexico |
1,846 |
40th |
| New York |
30,126 |
1st |
| North Carolina |
15,327 |
7th |
| North Dakota |
732 |
51st |
| Northern Mariana Islands |
9 |
56th |
| Ohio |
15,597 |
6th |
| Oklahoma |
3,830 |
30th |
| Oregon |
2,538 |
38th |
| Pennsylvania |
21,477 |
4th |
| Puerto Rico |
1,343 |
44th |
| Rhode Island |
8,483 |
13th |
| South Carolina |
4,127 |
27th |
| South Dakota |
629 |
52nd |
| Tennessee |
6,211 |
18th |
| Texas |
22,638 |
3rd |
| Utah |
1,270 |
45th |
| Vermont |
947 |
50th |
| Virgin Islands |
43 |
53rd |
| Virginia |
11,365 |
10th |
| Washington |
3,632 |
32nd |
| West Virginia |
4,259 |
24th |
| Wisconsin |
13,681 |
9th |
| Wyoming |
1,197 |
47th |
About Identity Finder
The company’s data discovery technology provides users the ability to prevent identity theft and data leakage. They are a leader in identity protection and data loss prevention (DLP). For more information, visit www.identityfinder.com.