The Urban Institute’s National Center for Charitable Statistics (NCCS) recently discovered that an unauthorized party or parties gained access to the Form 990 Online and e-Postcard filing systems for nonprofit organizations.
The intruder or intruders retrieved email addresses, usernames, passwords, first and last names, IP addresses, phone numbers, and addresses and names of nonprofits. This incident affects all users who have filed with the online versions of Forms 990, 990-EZ, and 990-N (e-Postcard). In addition, it affects users of Form 8868 extensions and filings for charitable organizations in Hawaii, Michigan, and New York.
Anyone who has used either the Form 990 Online or the e-Postcard systems is being encouraged to change their passwords. If they have used the same username and password combination on other sites or applications, they are encouraged to change them in those instances as well.
No sensitive information, such as Social Security numbers or credit cards, is stored on these systems, so these details were not available to intruders. There is no evidence to suggest that the filings themselves were compromised. Copies of the 990 returns, including the e-Postcard, are public documents that are released by the IRS.
The Urban Institute took immediate steps to secure the systems, alerted the IRS, and is working with law enforcement as they conduct an ongoing investigation.
The Urban Institute is home to the Center on Nonprofits and Philanthropy (CNP) and the National Center for Charitable Statistics (NCCS). NCCS works with the IRS, state charity officials, policymakers, and researchers, to collect and analyze data on the nonprofit sector. It also offers assistance and information directly to nonprofits.
In 2000, NCCS began work on electronic filing of state and federal forms and was one of the first organizations to offer electronic filing for nonprofits with the IRS beginning in 2004. In 2007, NCCS adapted its e-filing technology so that small organizations could complete the e-Postcards that the Congress mandated in the Pension Protection Act of 1996. NCCS launched the e-Postcard site in early 2008.
NCCS, Center on Nonprofits and Philanthropy, and the Urban Institute play no role in evaluating, screening, or assessing nonprofit organizations’ returns.
The nonprofit Urban Institute is dedicated to elevating the debate on social and economic policy. For nearly five decades, Urban scholars have conducted research and offered evidence-based solutions that improve lives and strengthen communities across a rapidly urbanizing world. Their objective research helps expand opportunities for all, reduce hardship among the most vulnerable, and strengthen the effectiveness of the public sector.
SOURCE: The Urban Institute
In related news, Elise Viebeck reports:
An official with the Urban Institute estimated that between 600,000 and 700,000 organizations were affected by the breach. At this point, there is apparently no evidence that tax filings themselves were compromised. There were also no Social Security numbers or credit card information in the system, the official said.