Church Hit by "Cyber Attack"


https://newsroom.churchofjesuschrist.org/article/data-incident

Quote

In late March 2022, The Church of Jesus Christ of Latter-day Saints detected unauthorized activity in certain computer systems that affected personal data of some Church members, employees, contractors, and friends. The affected data did not include donation history or any banking information associated with online donations.

Since that time, we have been working with U.S. federal law enforcement authorities and third-party cybersecurity experts to establish the origin, nature, and scope of this incident and to mitigate possible impacts. Law enforcement authorities believe the risk that the information will be used to harm individuals is low and our monitoring efforts have not identified any attempts of harmful use.

At the request of these law enforcement authorities, we have not shared information about the incident as they have conducted their investigation until October 12, 2022.

We are now notifying those who may have been impacted, even where this is not legally required. Anyone with questions about the security of their information can learn more by referencing the frequently asked questions below.

Protecting the confidential information of our members, employees, contractors, and friends is critical. We continue to do all we can to ensure such information is safeguarded.  

FAQ

  1. What happened?
  2. What personal information was affected?
  3. Who can I talk to about this?
  4. What is the Church doing to prevent this from happening again?
  5. What steps do I need to take?
  6. Why did the Church have my data?
  7. Did you report this to a data regulator or data protection authority?
  8. How can I find out if my personal data was involved?
  9. Why did it take so long to notify me?

Interestingly, the attack was apparently "state-sponsored": https://www.deseret.com/faith/2022/10/13/23402792/a-cyber-attack-breached-latter-day-saint-member-data-heres-what-we-know

Quote

A suspected state-sponsored cyberattack on The Church of Jesus Christ of Latter-day Saints in March successfully obtained the personal data of some church members, employees and contractors, but law enforcement authorities believe the risk to individuals is low, the church said in a release Thursday.
...

The church’s statement came amid frequent headlines about cyber attacks, including state-sponsored cyber assaults.

On Monday, an attacker within the Russian Federation attacked some of the largest U.S. airports, ABC News reported.

On Thursday, a cyberattack forced the closure of an Australian insurer, which took its systems offline and halted trading on its shares. Attackers breached the data of 10 million customers of an Australian bank late last month, Reuters reported.

The city of Tucson, Arizona, recently reported a May attack that compromised the information of 123,500 people. The city worked with forensic experts to investigate the incident. The city reported the attack this fall after the investigation ended, according to SecurityAffairs.co.

“We take protecting the personal data entrusted to us seriously and are taking every action to keep your information safe,” the church said. “We have been working with external forensic experts, U.S. federal law enforcement and other cybersecurity professionals to investigate the incident and further enhance the security of church systems.”

However, the Church may not have been "specifically targeted": https://kslnewsradio.com/1977017/church-announces-hack-affecting-community-members-personal-data/

Quote

The church recommended keeping your account secure by using strong passwords and frequently changing them. The church also said it was working with professionals to improve its cybersecurity.

In its statement, the church offered a list of resources for anyone wanting to get more information on the hack.

Pete Ashdown, president and founder of XMission, spoke to KSL NewsRadio Thursday about the situation.

“I wouldn’t put it past any government to not be doing cyber-attacks and cyber defense,” he said. “It’s just the way of the modern world that we have all this communication going over the internet. If a government doesn’t do that, I’d be more surprised.”

He says the use of cyber-attacks is common among the many world powers.

“Any sort of major world power is going to have this as part of their arsenal,” Ashdown said.

Ashdown says he doesn’t think the church was specifically targeted.

“The way these hacks work is that they are spreading a wide blanket to see if they can find any vulnerability to enter into,” he said.

Thanks,

-Smac

Link to comment
2 hours ago, ksfisher said:

Duncan posted it in the News section, which doesn't seem to get much traffic.

According to the site, Duncan's post has had 73 views in 20 hours.

Smac's has had 22 views in 1 hour.

I know.  I just feel bad it didn't get seen much. 

Link to comment
11 hours ago, Brahms said:

The term "News" in the world generally refers to bad news.  When we want to hear and talk about "good news" we refer to the gospel. 

“Talk to me about the truth of religion and I'll listen gladly. Talk to me about the duty of religion and I'll listen submissively. But don't come talking to me about the consolations of religion or I shall suspect that you don't understand.” -C.S. Lewis

Link to comment

Yep.  Got this a few days ago:

Quote

Dear Account Holder:
The Church of Jesus Christ of Latter-day Saints, a Utah corporation sole (“CHC”), detected an unauthorized network intrusion that affected personal data you previously provided. At this time, there is no evidence that any of your financial information has been impacted and there is no indication that the data has been or is likely to be used for fraudulent or other harmful purposes. We are notifying you and others worldwide whose data may have been affected, even where this is not legally required.

What Happened?
On March 23, 2022, we detected unauthorized access to certain computer systems. We immediately notified federal law enforcement authorities in the United States. We were asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on October 12, 2022.

Who Committed this Intrusion?
CHC cannot determine the identity of the unauthorized person who may have accessed or acquired your personal data. U.S. federal law enforcement authorities suspect that this intrusion was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world that are not intended to cause harm to individuals. The forensic investigators who assisted CHC in investigating the security breach have not detected any further unauthorized access or activity since April 3, 2022.

What Information Was Affected?
The breached CHC systems contain personal data, including basic contact information, of members of The Church of Jesus Christ of Latter-day Saints. The data accessed may include, if you provided it, your username, membership record number, full name, gender, email address(es), birthdate, mailing address, phone number(s), and preferred language.

What Are We Doing?
We have been working with external forensic experts, U.S. federal law enforcement authorities, and other cybersecurity professionals to investigate the incident and further enhance the security of CHC’s systems. We also have notified data protection authorities, including, for example, the supervisory authority in Germany, where CHC’s representative under Art. 27 GDPR is based.

What Can You Do?
We have no indication that any of your personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. You should promptly report to law enforcement authorities any fraudulent activity, scam, or identity theft.

For More Information
If you have further questions or concerns, please call:
  • In the United States: toll-free (833) 559-0435, Monday through Friday, 7:00 a.m.–9:00 p.m. Mountain Time (MT); Saturday and Sunday, 9:00 a.m.–6:00 p.m. MT (excluding major U.S. holidays).
  • Outside the United States: toll +1 (346) 278-3020, Monday through Friday, 7:00 a.m.–9:00 p.m. Mountain Time (MT); Saturday and Sunday, 9:00 a.m.–6:00 p.m. MT (excluding major U.S. holidays).
    • United Kingdom English toll-free number: +44 (0800) 408 1788, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
    • Brazil English toll-free number: +55-0800-450-0035, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
    • Philippines English toll-free number: +63-1800-13120083, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
    • Australia English toll-free number: +61 (1800) 434165, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
    • New Zealand English toll-free number: +64 800-445108, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
CHC has contracted Experian, an industry leader in data security response, to receive these calls. Be prepared to provide your engagement number: B058762.

We take protecting the personal data entrusted to us seriously and are taking every action to keep your information safe. We regret any inconvenience or concern this incident may have caused.

Sincerely,

Data Privacy Office
The Church of Jesus Christ of Latter-day Saints, a Utah corporation sole

For the last 7-8 years, I've received at least one of these a year from somewhere.  My credit card or bank, social media platform, various businesses, and now my church.

This is the reality, people. It's important to know this stuff in the 2020s. The church gives good advice we should all be following, with or without evidence of any particular breach.

Link to comment
3 hours ago, LoudmouthMormon said:

Yep.  Got this a few days ago:

For the last 7-8 years, I've received at least one of these a year from somewhere.  My credit card or bank, social media platform, various businesses, and now my church.

This is the reality, people. It's important to know this stuff in the 2020s. The church gives good advice we should all be following, with or without evidence of any particular breach.

I received one a day or 2 ago and just got another today. As far as I remember they say the same thing.

Link to comment
