Cyber Incident Victim: Church of Jesus Christ of Latter-day Saints
Date:
Mar 2022
Location:
United States of America
Summary
A state-sponsored cyberattack compromised the computer systems of the Church of Jesus Christ of Latter-day Saints, resulting in the theft of personal data from members, employees, contractors, and associates. The breach exposed basic contact information, usernames, membership record numbers, names, gender, email addresses, birth dates, mailing addresses, phone numbers, and language preferences, but did not include financial or donation records. Federal authorities linked the intrusion to a broader campaign targeting global organizations and governments, assessing low risk of individual harm. Disclosure was delayed at law enforcement’s request during their investigation. The organization notified potentially affected individuals and collaborated with cybersecurity experts and authorities to strengthen system defenses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 2022, threat actors breached the computer systems of the Church of Jesus Christ of Latter-day Saints, stealing personal data belonging to members, employees, contractors, and associates. The intrusion was discovered shortly after it occurred, prompting the church to engage US federal law enforcement and third-party cybersecurity firms to investigate the incident's scope and origin. Compromised data included basic contact information such as usernames, membership record numbers, full names, gender identifiers, email addresses, birth dates, mailing addresses, phone numbers, and language preferences. The church confirmed the attackers did not access financial records or donation-related banking information. Federal authorities attributed the attack to a state-sponsored cyber campaign targeting governments and organizations globally, noting the operation was not designed to harm individuals directly. The breach affected an unspecified number of individuals whose data was stored in the compromised systems based on information provided during account creation or employment processes.
The church delayed public disclosure until October 12, 2022, at the explicit request of law enforcement agencies conducting the investigation. Notification to potentially affected parties occurred after this clearance. Monitoring efforts by the church and authorities revealed no evidence of malicious misuse of the stolen data, with law enforcement assessing a low risk of harm to individuals. Remediation efforts focused on enhancing system security through collaboration with cybersecurity professionals and ongoing coordination with investigators. The church emphasized that the breach's disclosure timeline adhered strictly to law enforcement directives rather than internal delays. No technical specifics regarding attack vectors, containment measures, or system restoration timelines were disclosed publicly. Law enforcement's characterization of the incident as part of a broader geopolitical cyber campaign remained the primary contextual detail provided about the attackers' motivations.