>
The Church of Jesus Christ of Latter-day Saints, often referred to as the LDS Church or Mormon Church, has suffered a data breach involving sensitive personal information of Church members, employees, contractors, and friends. Payment and other bank details were not affected.
in a Announcement (opens in new tab) Church said the data breach happened in late March 2022, but because the law enforcement investigation was still ongoing, it was asked to keep the incident confidential.
Church has not named the threat actor behind the attack, nor has it said whether there is malware (opens in new tab) was used, but it said US federal law enforcement authorities suspect the break-in was “part of a pattern of state-sponsored cyberattacks targeting organizations and governments around the world” that is not intended to harm individuals.
Bank details safe
When the hackers managed to get into the church’s database, they stole “basic” data, including usernames, membership numbers, full names, gender, email addresses, dates of birth, postal addresses, phone numbers and preferred language.
While donation history or banking information has not been compromised, it is still sufficiently sensitive data for identity theft, phishing, and other fraud.
So far, the Church has seen no evidence of the data being used in the wild, but has urged everyone to be extra vigilant when receiving emails, texts or phone calls, and to be alert to potential fraud attempts.
It also added that whoever was affected by the incident had already been contacted, and those who had additional questions could get in touch at the phone numbers listed. here (opens in new tab).
To keep its members, employees, contractors and friends safe, the Church has hired outside forensic experts, U.S. federal law enforcement and “other cybersecurity professionals” who have investigated the incident and “further enhanced” the security of church systems. It did not specify what this improvement means, nor did it provide identity protection services to affected individuals.