Nonprofit Cyber Security Breach at NCCS

Cyber security breach of nonprofits

A statement, published on The Nonprofit Quarterly‘s site yesterday, from Elizabeth Boris, Director, Center on Nonprofits and Philanthropy at the Urban Institute, announced the discovery that an unauthorized party accessed information of users of IRS Forms 990, 990-EZ, ePostcard (990-N), as well as Form 8868 for organizations in HI, MI, and NY.   The satement went on to inform users that the information accessed included”…the username, first and last name, email address, IP address, phone number and password associated with your nonprofit organization were compromised in this incident.”  According to The Hill, “…there is no evidence that tax filings were compromised, and no Social Security or credit card numbers were in the system.”

The notification goes on to urge any of the affected organizations to immediately change passwords if they are used for other applications.  Links to the appropriate portals to change the form passwords are also included.

According to the Huffington Post‘s coverage of the incident, this breach affects, “hundreds of thousdands of charitable organziations that use its (NCCS) system for filing taxes.”

What can you do now?

Boris’ letter further instructs: “If you have any questions, please visit our FAQ where you can obtain further information. While you can’t reply directly to this email, you can email us at [email protected] or call 1-800-564-9110 if you have more questions.”

Here at Third Sector Today, we love sharing the exciting and ever-evolving opportunities that technology makes available- like increased reach to new donors and ways to keep current donors and stakeholders engaged- but we also encourage you all to heed the advice of experts on how best to stay secure.

Here are some past stories which can provide you with additional resources:

Cyber Security Q&A: Nonprofits at Risk- This interview with cyber security expert, Chris DuFour, highlights simple steps every nonprofit should take to be sure its data is as secure as it can be.

An IT Director’s Guide to Securing Data at Your Nonprofit-  Spencer Bolles is the IT Director at Bay Area Community Resources, provides this guide to help your organization.




  • paul dave

    Great article. Thanks for the info, this is really a helpful post. BTW, if anyone needs to fill out a IRS form 8868, I found a blank form in this site PDFfiller. This site also has several related forms that you might find useful.