News Blog

Form 990 Online Security Breach

Posted 9:40 PM by

The Urban Institute's National Center for Charitable Statistics (NCCS) recently discovered that an unauthorized party (or parties) has accessed the Form 990 Online and e-Postcard filing systems for nonprofit organizations. This unauthorized access affected nonprofit users of Internal Revenue Service (IRS) Forms 990, 990-EZ and 990-N (e-Postcard). In addition, it affected users of Form 8868 extensions and filings for charitable organizations in Hawaii, Michigan and New York.

The unauthorized access only impacts organizations who use the Urban Institute's site to file their returns. Organizations who use an accounting firm or mail paper returns to the IRS are not affected.

The username, first and last name, e-mail address, IP address, phone number and password associated with nonprofit organizations were compromised in this incident.

The NCCS believes no information from the filings themselves was compromised. These forms do not contain Social Security numbers, credit card data, or individual tax filer information, so such sensitive information was not available to the hackers. Copies of the 990 returns, including the e-Postcard, are public documents that are released by the IRS.

If you use the same password for your organization's Form 990 Online and e-Postcard that you do for other websites or applications, the NCCS strongly encourages you to change it immediately in each of those instances, as well as on these systems.

To change your password on the Form 990, click here.

To change your password on the e-Postcard, click here.

For questions, please visit this FAQ page, send an e-mail to or call 1.800.564.9110.

For more information regarding the Form 990, please contact us.

Source: National Center for Charitable Statistics, Urban Institute