Taxpayers Receive IRS Form 990 Security Alert after Hack-Truth!

Taxpayers Receive IRS Form 990 and e-Postcard Security Alert after Hack – Truth!

Summary of eRumor:  

The Urban Institute’s National Center for Charitable Statistics sent out a security alert in February of 2015 after a hacker gained access to its Form 990 and e-Postcard filing systems.

The Truth:



It’s true that the Urban Institute’s National Center for Charitable Statistics (NCCS) issued a security alert on February 24, 2015, after its filing system for tax forms was hacked.

Hackers were able to access individual taxpayer’s usernames, first and last names, email addresses, IP addresses, phone numbers and passwords tied to other non-profit organizations that use the filing system, the Urban Institute said

“This incident affects all users who have filed with the online versions of Forms 990, 990-EZ, and 990-N (e-Postcard). In addition, it affects users of Form 8868 extensions and filings for charitable organizations in Hawaii, Michigan, and New York.

“Anyone who has used either the Form 990 Online or the e-Postcard systems is being encouraged to change their passwords. If they have used the same username and password combination on other sites or applications, they are encouraged to change them in those instances as well.

“No sensitive information, such as Social Security numbers or credit cards, is stored on these systems, so these details were not available to intruders. There is no evidence to suggest that the filings themselves were compromised. Copies of the 990 returns, including the e-Postcard, are public documents that are released by the IRS.”

As many as 700,000 organizations that use the same Form 990 and e-Postcard filing system may have also been hacked, The Hill reports:

“An official with the Urban Institute estimated that between 600,000 and 700,000 organizations were affected by the breach….

“Hackers repeatedly target D.C. think tanks. Security analysts say there is virtually no major organization or agency in the city that has not faced a breach or hacking attempt of one kind or another, though almost none will confirm the details. 

“Chinese state-sponsored hackers are believed to be at fault in some cases. The hacker collective known as “Deep Panda,” which may have been responsible for the recent attack on Anthem, launched a series of attacks targeting Middle East experts at think tanks around Washington in 2014.”

Taxpayers are encouraged to change their passwords on Form 990 and on the e-Postcard. Click here to change your Form 990 password, and click here to change your e-Postcard password.

Taxpayers should also be skeptical of any emails or phone calls that they receive about Form 990, the e-Postcard, or any other tax documents since hackers may have accessed their contact information. The IRS has online resources available to help protect taxpayers from identity theft, and it also has an online portal where taxpayers can report fraud.