Non-profits Expose Personal Info, Hundreds of Thousands at Risk for Identity Theft
NEW YORK (MainStreet) Your charitable intentions could be exposing you to identity theft. Research conducted by security firm Identity Finder has found hundreds of thousands of examples of exposed personal data contained in the annual tax returns required to be filed by tax exempt organizations.
These IRS Form 990s are scanned and open to public inspection.
While the documents are supposed to exclude non-public personal information, the study found more than 130,000 nonprofit organizations have published an estimated 630,000 Social Security numbers since 2001. The exposed personal information belongs to high school and college scholarship recipients, community foundation recipients, board members, employees and donors.
In response to a query from Identity Finder, the IRS said the risk of exposure is low.
"The IRS conducted an internal review of the Form 990 series. After reviewing a statistically valid sample of recent filings, the IRS confirmed that there is low risk of Social Security numbers being improperly included in new Form 990 filings," said Amy Stanton, Director of the Office of Privacy and Information Protection for the IRS. "Given the low risk, the IRS resumed the release of new Form 990 series to third-party groups. However, the IRS will periodically conduct a statistically valid sample of new Form 990s to ensure that the risk remains low."
Identity Finder has urged the IRS to scan and remediate all documents before putting them in the public domain. The IRS has made no commitment to remove Social Security numbers from existing documents, but promised to "aggressively reach out to remind exempt organizations not to include SSNs or other unneeded personal information on the filings."
"Non-profit organizations should be more diligent in reviewing [tax forms] before filing with the IRS," the study says. "Donors should never share their Social Security number with charities. [And] organizations should avoid placing personal information (especially SSNs) on public documents such as court documents." While the study was limited to IRS Form 990s, the security firm notes other government documents could also contain personal information that could be used to commit identity fraud -- including professional licensing documents, state and federal court filings, SEC filings, and property documents.
--Written by Hal M. Bundrick for MainStreet