SALT LAKE CITY, Utah, Oct. 13, 2022 (Gephardt Daily) — The Church of Jesus Christ of Latter-day Saints revealed Thursday that on March 23 of this year, it discovered part of its computer system was breached, possibly compromising personal data of “some Church members, employees, contractors, and friends.”
Since it detected the unauthorized activity, the Church statement says, “we have been working with U.S. federal law enforcement authorities and third-party cybersecurity experts to establish the origin, nature, and scope of this incident and to mitigate possible impacts.
“Law enforcement authorities believe the risk that the information will be used to harm individuals is low and our monitoring efforts have not identified any attempts of harmful use.”
The affected data “did not include donation history or any banking information associated with online donations,” the LDS Church statement says.
Delayed announcement
Why the delay in sharing the news?
“At the request of these law enforcement authorities, we have not shared information about the incident as they have conducted their investigation until October 12, 2022. We are now notifying those who may have been impacted, even where this is not legally required.”
Data breached may include “your username, membership record number, full name, gender, email address(es), birthdate, mailing address, phone number(s), and preferred language,” according to the frequently asked questions section on the Church statement.
“We have no indication that any of your personal data has been misused or published.”
What to do
The church advised its members and associates to be watchful when it comes to online activity and accounts.
“We have no indication that any of your personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. You should promptly report to law enforcement authorities any fraudulent activity, scam, or identity theft.”
People whose data was breached have been notified, the statement says.
“If you did not receive a notification email, it is unlikely your personal data was involved.”
To read the full statement, with FAQ links, click here.