Notice of Unauthorized Access to Our System
Posted: August 30, 2023
This is a notification of an incident involving unauthorized access of information in our Form 990 Online
system. Although we are not aware of any actual misuse of your information, we are providing notice to all of
our customers about the incident so that you can take steps to protect yourself from any potential adverse
actions from this unauthorized access. We have notified the IRS of this incident and they are aware of what
happened and they are in agreement with the steps we have taken to protect the information in the
system.
What happened?
We detected that intruders had gained unauthorized access to our system. We took immediate steps to get them
out of the system and block them from coming back in. At the same time we engaged a cybersecurity company to
help us determine how they got in (so we can prevent it from happening again), how to permanently block them,
and what information they were able to access while they were in the system. The investigation uncovered that
they likely were able to retrieve all the data from the user table in our database. They also had access to
other tables in our database, but, at this point, we do not have any definitive indication that they took any
of that data.
What information was involved?
We know that they were able to access all the records in our user table. As a result, they were able to
download the full name, Login ID, email address, organization name, address and phone number you used when you
registered with our system. We encrypt all user passwords in our system using industry standard encryption
algorithms, so, even though your password was included in the information that they extracted from the user
table, it is very unlikely they will be able to use it because it is encrypted.
We do not ask for (or store) any other personal information in our system (i.e. credit card numbers, SSN
numbers, account numbers, etc.) so they were not able to retrieve any of that type of information from the
database. We also do not store your return information in our database. Based on the analysis from the
cybersecurity company, the intruders had no access to the Form 990/State filings stored in our system.
Actions we have taken
We have corrected the problem in our firewall that the intruders used to gain access to our system. We have
corrected the specific weaknesses in our software identified by the cybersecurity company that allowed the
intruders to exploit the problem with our firewall and gain access to our database. We also plan to engage a
security firm to provide ongoing scanning, analysis and testing of our systems to prevent this from happening
in the future.
Why this notification was delayed
The unauthorized access of our system occurred on May 12, 2023. We apologize that it has taken so long to
notify you of this incident. Once we realized the unauthorized access occurred, we immediately blocked the
intruder and hired a cybersecurity company to work with us to find out what happened and help us further secure
our system. When we knew the cause and the system was fully secure, we informed the IRS of the incident so
that they could evaluate what happened and our response and recovery. We held off notifying anyone else while
the IRS investigated the incident with the understanding that disclosing it before their investigation was
complete might interfere with their investigation. When the IRS investigation was complete, we notified our
state Charity Bureau partners and worked with them so they understood what happened. All those steps took
longer than we expected, and, as a result, this notification is being sent to you later than we hoped.
Steps you can take
Change Password: Even though we are confident the encrypted passwords that the intruders
downloaded are secure, as a precaution, our system will require you to change your password the next time you
log in. When you change your password, please make sure you create a new password that you do not use for
other websites.
Beware of Phishing: Because we believe the intruders have our users' names and email addresses,
it is possible they could attempt to launch a phishing attack on our users. If you receive an email that
appears to be from us, please verify the email address before taking any action. All emails from us will
always come from the domain form990.org. Also, we will NEVER ask you for your password in any of our
correspondence.
Additionally, if you receive an email that appears to be from our system that contains a link to our website,
please make sure that the domain for our website is correct before clicking the link. Our website domain is
form990.org (with no dashes or underscores). Our primary website URL is efile.form990.org, but www.form990.org
is valid too.
If you are ever unsure about an email you receive from our system, please contact us at [email protected] and
we will be able to confirm whether the email is a legitimate email from us or not.
If you have any questions
If you have any further questions about this unauthorized access incident, please email us at
[email protected] (or just reply to this email). We would be happy to answer your questions and/or provide
any additional information or support you need regarding this issue.