Tuesday, February 24, 2015

Nonprofits: Form 990 Online and e-Postcard filing systems hacked

Here's an e-mail I received today:

The Urban Institute’s National Center for Charitable Statistics (NCCS) recently discovered that an unauthorized party or parties have gained access to the Form 990 Online and e-Postcard filing systems for nonprofit organizations. This unauthorized access affected nonprofits that used IRS Forms 990, 990-EZ, and 990-N (e-Postcard). It also affected users of Form 8868 extensions and filings for charitable organizations in Hawaii, Michigan, and New York.

Once we discovered the attack, we contacted IRS and made every effort to secure the systems and user accounts. We are working with law enforcement agencies as they conduct an investigation. In addition, we have retained a leading cybersecurity firm to help us analyze the situation and strengthen security. Our investigation is ongoing.

Based on current information, we believe no information from the filings themselves was compromised. These forms do not contain Social Security numbers or individual tax filer information, so such sensitive information was not available to the hackers. Copies of the 990 returns, including the e-Postcard, are public documents that are released by the IRS annually.

If you use these systems on behalf of your nonprofit, we strongly encourage you to change your password immediately. If you use the same password for your organization’s Form 990 Online and e-Postcard that you do for other websites or applications, we strongly encourage you to change it immediately in each of those instances.

No comments: