Sometimes it seems as though nothing we submit online is safe from hackers.
The latest hacking news came from the company that accepts online 990 and 990-N filings from non-profit organizations for transmission to the IRS. Yesterday anyone who submitted such a filing online within the past few years received an email which started out this way, to wit:
The Urban Institute’s National Center for Charitable Statistics (NCCS) recently discovered that an unauthorized party or parties have accessed the Form 990 Online and e-Postcard filing systems for nonprofit organizations. This unauthorized access affected nonprofit users of IRS Forms 990, 990-EZ, and 990-N (e-Postcard). In addition, it affected users of Form 8868 extensions and filings for charitable organizations in Hawaii, Michigan, and New York.
We regret to inform you that the username, first and last name, email address, IP address, phone number, and password associated with your nonprofit organization were compromised in this incident.
Here's the web version of the warning.
It went on to say that they don't think the filings themselves were compromised and that users would be required to change their passwords the next time they logged in. That presumes the hackers have not already changed the passwords.
What would a hacker do with the information? Well, for starters, it's not hard to imagine some mischief making by radical lefties against conservative non-profits.
Personal Login Information: The personal information you provide to us when you request a login ID will not be given, sold, or otherwise provided to any individual or organization that is not involved with the 990-N (e-Postcard) process. This information (with the exception of your email address) WILL be made available to the IRS as part of the filing process. We do not send your email address to the IRS.