The open records organization, Public.Resource.org recently announced that the IRS posted thousands of SSNs on their website in form 990s. Earlier today John Mello wrote a follow-up article entitled, Who Needs Anonymous When You’ve Got the IRS?, which highlighted Identity Finder’s 2012 report on 472,866 social security numbers currently posted in IRS documents online.
“Thousands of Social Security Numbers were there for anyone to take,” he told TechNewsWorld. “If you’re an identity thief, you have a one in six chance of downloading a 990 from 2001 and getting a Social Security Number,” Feinman said. “Those are better odds than Vegas.”
Identity Finder is working with Public.Resource.org and has provided a copy of the report to Congressman Tom Latham, who recently sent a letter to the IRS requesting information on how such a breach could have occurred.
Key recommendations of the report include:
- Donors should never share their social security number with charities.
- Scholarship applicants should always require any organization to justify a request for his or her social security number and should not be afraid to decline to provide it.
- Organizations should avoid placing personal information (especially SSNs) on public documents such as court documents.
- Nonprofit organizations who learn they have published SSNs should warn those affected that their names and SSNs are part of a document on public record and that they may be at increased risk of identity fraud.
- Tax preparers should review IRS forms they approve to ensure no personally identifiable information is unnecessarily disclosed.
- The IRS and other sources of past 990 filings should only provide redacted copies of the forms.