IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mormon Church reveals data breach seven months after incident transpired

The church said that federal authorities suspect the breach was part of a pattern of state-sponsored cyber attacks

The Church of Jesus Christ of Latter-day Saints revealed yesterday that it was the target of a cyber attack in March 2022 that led to the theft of personal data.

The church, also known as the Mormon Church, said it had detected unauthorised activity on 23 March in certain computer systems that impacted the personal data of some of its members, employees, contractors, and friends. 

Related Resource

Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities

Whitepaper cover with title and text, and image of pyramid cyber-resilience modelFree Download

The personal data involved in the breach was related to those who either had registered online accounts with the church or had their personal information stored by the organisation because they were employed by it.

This included usernames, membership record numbers, full names, gender, email addresses, birthdates, mailing addresses, phone numbers, and preferred language. The affected data didn’t include the donation history or any banking information associated with online donations, it said.

“We immediately notified federal law enforcement authorities in the United States and were asked to keep the incident confidential to protect the integrity of the investigation,” said the church. “This instruction was lifted on 12 October 2022, and we notified affected individuals.”

It added that US federal law enforcement authorities suspect that the intrusion was part of a pattern of state-sponsored cyber attacks aimed at organisations and governments around the world that are not intended to cause harm to individuals.

Since the breach was discovered, the church said it has been working with US federal law enforcement authorities and third-party cyber security experts to establish the origin, nature, and scope of this incident, and to mitigate possible ramifications.

The church added that law enforcement authorities believe that the risk of the stolen information being used to harm individuals is low. The monitoring efforts from the authorities haven’t identified any attempts of harmful use either.

“Protecting the confidential information of our members, employees, contractors, and friends is critical,” the church added. “We continue to do all we can to ensure such information is safeguarded.”

It advised those who have been affected to remain vigilant about the security of their personal data by monitoring personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. 

“This breach against the Church of Jesus Christ of Latter-day Saints highlights that no organisation is immune to cyber attacks,” said Julia O’Toole, CEO at MyCena Security Solutions, to IT Pro.

“While it’s positive that no financial information was compromised, the data stolen can still be used to perform phishing attacks and be sold on the dark web to build profiles on the victims and tie it to other pieces of data linked to them that is already available.”

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022