The NCCS handles the online filing of Forms 990, 990EZ and 990N for the IRS. Information compromised includes usernames, email addresses, IP addresses, phone numbers and passwords associated with nonprofit organizations that e-filed though the compromised site.
NCCS is working with law enforcement and a cyber-security company to investigate the incident. They have sent out an email to anyone who set up an online account suggesting they change their online password. They have issued a statement which contains links to pages to change the organization’s password.
The data compromised should not affect any individuals since the 990 forms do not use SSNs or personal tax info. Actually, a Form 990 is public record.
This is one time an email warning you that your password has possibly been stolen is not a scam.