The LDS Church or Mormon Church of Jesus Christ has been formerly known as a data breach that involved sensitive personal information of Church members, employees, contractors, and friends. Payment and other banking information were not affected.
In a letter (opens in a new tab) the Church said the data breach happened in late March 2022, but as the law enforcement investigation was ongoing, it was requested to keep the incident confidential.
The Church did not specify the threat protagonist who launched the attack, nor did it determine if there was any malware (opens in a new tab), but it did say that federal law enforcement authorities in the United States believed the intrusion was part of a group of state-sponsored cyberattacks targeting organizations and governments around the globe that is not intended to harm individuals.
Banking data safe
The hackers accessed the Churchs database by stealing basic information, including usernames, membership records, full names, gender information, email addresses, birthdates, postal addresses, and phone numbers.
While donation history or banking information was not affected, this is still enough information for identity theft, phishing, and other forms of fraud.
So far, the Church has not seen evidence of the use of information in the wild, but it has urged everyone to be more vigilant when it comes to any email, SMS, or phone calls, and to be on the lookout for potential fraud attempts.
The report also added that whoever was affected by the incident was already interviewed, and those who had additional questions might reach out via the telephone number listed here (opens in a new tab).
External forensic experts were involved in the incident, alerted Federal law enforcement in the United States, and other cybersecurity professionals that examined the incident, and enhanced the security of Church systems. It did not reveal what this enhancement means, nor did it provide identity protection services to individuals affected.