The Church of Jesus Christ of Latter-day Saints, Utah, has disclosed a data breach, joining the list of US churches that were victims of cyber-attacks.
The database of the church was breached by currently unknown hackers on March 23, 2022. Upon detecting unauthorized access to its systems, the authorities of the church immediately notified the United States federal law enforcement authorities. Situated in Salt Lake City, the church broke the news to impacted individuals on October 12, after the mandatory assessment and embargo prescribed by the regulators.
Personal data including contact information, username, membership record number, full name, gender, email address, birth date, mailing address, phone number, and preferred language details are suspected to be exposed to hackers. However, donation history documents were not impacted, nor was banking data related to donors breached.
The church authorities followed the protocol suggested by the federal authorities to keep the matter undisclosed until there was enough data to move ahead and make a formal announcement of the data breach incident. They have also been working with third-party cybersecurity experts to assess the situation.
It is suspected by the United States federal law enforcement authorities that it could be part of state-sponsored cyber-attacks that have been targeting organizations and governments around the world.
As per reports, several religious organizations have been facing online attacks that stole millions of dollars from impacted entities. Since religious organizations, local or global, collect user data, including personal and family details, it is time they upgrade their systems and work with cybersecurity experts to secure their systems from similar cyber-attacks, warned US regulatory authorities.
Moreover, everyone from the staff and volunteers must be trained in detecting, reporting, and addressing malicious activities in their church’s systems. If they develop a response plan, they will be in a better position to curb damages caused by threat actors, the authorities suggested.