Received: from drone9.rtp.icpbounce.com ([74.202.227.49]:34936) by stodi.digitalkingdom.org with esmtp (Exim 4.80.1) (envelope-from ) id 1YQLzT-0002HL-JU for treasurer@lojban.org; Tue, 24 Feb 2015 12:22:03 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=icontactmail1.com; h=Mime-Version:From:To:Date:Reply-To:Subject:List-Unsubscribe:Feedback-ID:Content-Type:Message-ID; bh=TCgq5QayzZMF6PK6KpByLzl5ovjEMaZogbU/MGVFzW4=; b=XhVHbYntHEHlh2mhCn4xQpE0b/daDDFoo5FU3djWHX9yIFXPCEJ4nxddnOzGjBZiJ6K0Vj2dGl6W Yjftz83uZbYXlcLviUbuecy9d9+9bLNCK4G/jGpTiwFrQr1C9WPMKoddETvkkClK0gz3i0QRuEJY kjwDwb+5ZnXQb/hSxPU= Mime-Version: 1.0 From: "National Center for Charitable Statistics, Urban Institute" To: Date: Tue, 24 Feb 2015 15:20:44 -0500 Reply-To: no-reply@form990.org Subject: Security Alert for Form 990 Online and 990-N e-Postcard Errors-To: bounces+887481.50665606.358695@icpbounce.com List-Unsubscribe: , X-List-Unsubscribe: X-Unsubscribe-Web: Feedback-ID: 887481_9234_358695:887481_9234:887481:icontact X-ICPINFO: X-Return-Path-Hint: bounces+887481.50665606.358695@icpbounce.com Content-Type: multipart/alternative; boundary="cdf82e78-582d-4a55-9037-dacf81ae37d3" Message-ID: <0.1.1C7.89D.1D0506F5E288BC0.0@drone9.rtp.icpbounce.com> X-Spam-Score: -0.9 (/) X-Spam_score: -0.9 X-Spam_score_int: -8 X-Spam_bar: / --cdf82e78-582d-4a55-9037-dacf81ae37d3 Content-Type: text/plain; charset = "utf-8" Content-Transfer-Encoding: quoted-printable February 24, 2015 To Users of 990 and ePostcard (990-N): The Urban Institute=E2=80=99s National Center for Charitable Statistics (NC= CS) recently discovered that an unauthorized party or parties have accessed the Form 990 Online and e-Postcard filing systems for nonprofit organizations. This unauthorized access affected nonprofit users of IRS Forms 990, 990-EZ, and 990-N (e-Postcard). In addition, it affected users of Form 8868 extensions and filings for charitable organizations in Hawaii, Michigan, and New York. We regret to inform you that the username, first and last name, email address, IP address, phone number, and password associated with your nonprofit organization were compromised in this incident. Once we discovered the attack, we contacted the IRS and made every effort to secure the systems and user accounts. We are working with law enforcement agencies as they conduct an investigation. In addition, we have retained a leading cybersecurity firm to help us analyze the situation and strengthen security. Currently we believe no information from the filings themselves was compromised. These forms do not contain Social Security numbers, credit card data, or individual tax filer information, so such sensitive information was not available to the hackers. Copies of the 990 returns, including the e-Postcard, are public documents that are released by the IRS. If you use the same password for your organization=E2=80=99s Form 990 Onlin= e and e-Postcard that you do for other websites or applications, we strongly encourage you to change it immediately in each of those instances, as well as on these systems. To enhance security, all users accessing the Form 990 Online and e-Postcard systems are required to change their passwords upon logging in, or were when they logged in most recently. We encourage you to be alert for unusual or suspicious emails and use caution when clicking on links or opening attachments from unknown senders. We sincerely apologize for this disruption and any inconvenience this incident may cause you. We have a strong commitment to privacy and data security, and we are continuing to do everything we can to protect against future attacks. Our investigation is ongoing, and we will let you know if it reveals new information that is relevant to your account. If you have any questions, please visit our [1]FAQ where you can obtain further information. While you can=E2=80=99t reply directly to this email, = you can email us at security@form990.org or call 1-800-564-9110 if you have more questions. Sincerely, Elizabeth T. Boris Director, Center on Nonprofits and Philanthropy at the Urban Institute References 1. http://faq.form990.org/=0AThis message was sent by: National Center for Charitable Statistics, Urban Institute, no-reply@form990.org, National Center for Charitable Statistics, Urban Institute, 2100 M Street, NW, Washington, DC 22192=0A=0AUpdate Email Address:=0Ahttp://app.icontact.com/icp/mmail-mprofile.pl= ?r=3D50665606&l=3D9234&s=3D8GE7&m=3D358695&c=3D887481=0A=0A=0A --cdf82e78-582d-4a55-9037-dacf81ae37d3 Content-Type: text/html; charset = "utf-8" Content-Transfer-Encoding: quoted-printable =0A<= /table>=0A=0A

=09 =09=09=09
=09=09=09=09=09 =09=09=09=09=09=09=09
=20 =09=09=09=09=09=09=09=09=09
=20 =09=09=09=09=09=09=09=09=09=09=20 =09=09=09=09=09=09=09=09=09=09=09=09
=0A

=09

=09 

=09February 24, 2015

=09 

=09To Users of 990 and ePostcard (990-N):<= /span>

=09 

=09The Urban Institute=E2=80=99s National = Center for Charitable Statistics (NCCS) recently discovered that an unautho= rized party or parties have accessed the Form 990 Online and e-Postcard fil= ing systems for nonprofit organizations. This unauthorized access affected = nonprofit users of IRS Forms 990, 990-EZ, and 990-N (e-Postcard). In additi= on, it affected users of Form 8868 extensions and filings for charitable or= ganizations in Hawaii, Michigan, and New York.

=09 

=09We regret to inform you that the userna= me, first and last name, email address, IP address, phone number, and passw= ord associated with your nonprofit organization were compromised in this in= cident.

=09 

=09Once we discovered the attack, we conta= cted the IRS and made every effort to secure the systems and user accounts.= We are working with law enforcement agencies as they conduct an investigat= ion. In addition, we have retained a leading cybersecurity firm to help us = analyze the situation and strengthen security.

=09 

=09Currently we believe no information fro= m the filings themselves was compromised. These forms do not contain Social= Security numbers, credit card data, or individual tax filer information, s= o such sensitive information was not available to the hackers. Copies of th= e 990 returns, including the e-Postcard, are public documents that are rele= ased by the IRS.

=09 

=09If you use the same password for your o= rganization=E2=80=99s Form 990 Online and e-Postcard that you do for other = websites or applications, we strongly encourage you to change it immediatel= y in each of those instances, as well as on these systems.

=09 

=09To enhance security, all users accessin= g the Form 990 Online and e-Postcard systems are required to change their p= asswords upon logging in, or were when they logged in most recently. We enc= ourage you to be alert for unusual or suspicious emails and use caution whe= n clicking on links or opening attachments from unknown senders.  &nbs= p;

=09 

=09We sincerely apologize for this disrupt= ion and any inconvenience this incident may cause you. We have a strong com= mitment to privacy and data security, and we are continuing to do everythin= g we can to protect against future attacks. Our investigation is ongoing, a= nd we will let you know if it reveals new information that is relevant to y= our account.

=09 

=09If you have any questions, please visit= our FAQ where you can obtain further information. While you can=E2=80=99t = reply directly to this email, you can email us at security@form990.org or c= all 1-800-564-9110 if you have more questions.

=09 

=09Sincerely,

=09 

=09Elizabeth T. Boris

=09Director, Center on Nonprofits and Phil= anthropy at the Urban Institute 

=09 

=20 =09=09=09=09=09=09=09=09=09=20 =09=09=09=09=09=09=09=09=09=20 =09=09=09=09=09=09=09=09

This message was sent to treasurer@lojban.org from:

National Center for Charitable Statistics, Urban Institute, no-reply@form990.org, National Center for Charitable Statistics, Urban Institute | 2100 M Street, NW | Washington, DC 22192
=0A=09=09=09=09=09=09 =09=0A=09=09=09=09=09Update Email Address=0A=09=09=09=09=0A=09=09=09=0A=0A=09=0A=0A --cdf82e78-582d-4a55-9037-dacf81ae37d3--