April 09, 2012, 3:44 PM — The big data-security news today is the revelation that the data breach announced by Utah Medicaid services last week compromised the financial, medical and other personal information of between 280,000 and 500,000 people, not the 24,000-some that previous reports estimated.
Investigators have theorized that organized crime gangs in Eastern Europe are responsible for the April first or second attack on the Utah Department of Health servers, which netted private data on 181,604 Medicaid clients.
It's a huge attack that will have repercussions for years to come. A far lower-key series of data leaks may pose a far greater risk than any one-time data heist, however.
The problem is the tax forms that both corporations and individuals fill out in order to get credit for their largesse.
To make a donation tax deductible, taxpayers need a receipt. To get it, they often have to fill out and submit to the charity a copy of IRS tax form 990. Donors don't have to put their Social Security numbers on the forms.
Until concerns about identity theft began to grow earlier this decade, however, it was common for non-profits to ask for SSNs on the 990 forms, even though the forms are officially public property and are stamped with the words "Open to Public Inspection."
In a review of millions of IRS 990 forms, New York identity-theft-prevention vendor Identity Finder reports it was able to harvest almost 500,000 Social Security numbers (full report as a PDF).
Identity Finder's main product, Identity Finder, can be installed on PCs and Macs, or on corporate networks, to scan all available hard drives and identify sensitive data that is stored unencrypted and unsecured. It can then either delete the data, lock it up or send business managers a notice highlighting the potential exposure of their departments.
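
As an added illustration (not from the article and not Identity Finder's code), here is a minimal check an organization could run over text extracted from its own filings before they become public, to find and mask SSN-shaped values. The function names and sample text are constructed for this example; the filter uses the Social Security Administration's structural rules (no area 000, 666 or 900-999, no group 00, no serial 0000) and only covers separated 3-2-4 forms.

```python
import re

# Candidate SSN: 3-2-4 digits joined by the same separator ('-' or ' '),
# not embedded in a longer run of digits or dashes. Unseparated nine-digit
# values are out of scope for this sketch.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\d-])")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply SSA structural rules to cut false positives."""
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"


def find_ssns(text: str):
    """Return (line_number, masked_value) for each plausible SSN."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            if is_plausible_ssn(m.group(1), m.group(3), m.group(4)):
                # Report only the last four digits so the findings
                # list does not itself become a sensitive file.
                hits.append((lineno, "***-**-" + m.group(4)))
    return hits


def redact(text: str) -> str:
    """Replace every plausible SSN with a fixed mask; leave the rest."""
    def _mask(m):
        if is_plausible_ssn(m.group(1), m.group(3), m.group(4)):
            return "XXX-XX-XXXX"
        return m.group(0)
    return SSN_RE.sub(_mask, text)


# Constructed sample text, not taken from any real filing.
SAMPLE = """Donor: Jane Example  SSN 123-45-6789
Phone: 801-555-0100
Invoice 000-12-3456, ref 987-65-4321
Preparer SSN: 321 54 9876
"""

if __name__ == "__main__":
    for lineno, masked in find_ssns(SAMPLE):
        print(f"line {lineno}: {masked}")
    print(redact(SAMPLE))
```

Run against scanned forms, a check like this needs an OCR or PDF text-extraction step first, which is outside this example.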