A prominent Washington, D.C. think tank has been hacked, compromising email addresses, passwords and other information of hundreds of thousands of charitable organizations that use its system for filing taxes.
The Urban Institute released a statement Tuesday saying that its National Center for Charitable Statistics had been accessed by hackers, who breached usernames, passwords, IP addresses and other account data.
The Hill reports that up to 700,000 organizations that use the system could be affected, but there is no evidence that tax filings were compromised, and no Social Security or credit card numbers were in the system.
"We have a strong commitment to privacy and data security, and we are continuing to do everything we can to protect against future attacks," Elizabeth Boris, the director of the Center on Nonprofits and Philanthropy at the institute, wrote. "Our investigation is ongoing, and we will let you know if it reveals new information that is relevant to your account."
Officials reportedly first noticed suspicious activity on Jan. 7, but didn't know the scope of the breach. On Jan. 23, the institute confirmed that hackers had gained access to its e-Postcard filing system, which serves nonprofits with gross annual receipts of $50,000 or less, according to The Hill.
On Feb. 4, an investigation revealed that hackers had also gained access to the Form 990 system, which serves nonprofits that have gross receipts of more than $50,000 annually. All users were prompted to change their passwords.
The institute didn't reveal who it believes was behind the attack or how hackers got in. Boris wrote that the institute had retained "a leading cybersecurity firm" to help strengthen security, but didn't reveal which firm it hired.