Cyber Incident Victim: Church of Jesus Christ of Latter-day Saints
Date:
Mar 2022
Location:
United States of America
Summary
The Church of Jesus Christ of Latter-day Saints detected unauthorized activity in its systems affecting personal data of members, employees, contractors, and associates, though donation records and banking details remained secure. Compromised information included usernames, membership numbers, names, contact details, birthdates, and language preferences. U.S. federal law enforcement attributed the breach to state-sponsored cyberattacks targeting organizations globally, assessing low risk of individual harm. The organization collaborated with authorities and cybersecurity experts during an investigation that delayed public disclosure for several months. Notifications were issued to potentially impacted individuals following the lifting of confidentiality requirements, with no observed misuse of the accessed data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 23, 2022, The Church of Jesus Christ of Latter-day Saints detected unauthorized access to certain computer systems, initiating a cybersecurity incident affecting personal data of members, employees, contractors, and friends. The compromised data included basic contact information such as usernames, membership record numbers, full names, genders, email addresses, birthdates, mailing addresses, phone numbers, and preferred languages for individuals who had created online Church accounts or were employed by the organization. Notably, donation records and banking details tied to online donations were not exposed. The Church immediately engaged U.S. federal law enforcement and third-party cybersecurity experts to investigate the intrusion’s origin, nature, and scope while implementing measures to mitigate potential impacts. Law enforcement authorities assessed the incident as part of a broader pattern of state-sponsored cyberattacks targeting global organizations and governments, concluding the risk of harm to individuals was low. Monitoring efforts by the Church and its partners revealed no evidence of misuse or public dissemination of the stolen data during the investigation period.
The Church coordinated closely with law enforcement, which requested confidentiality to preserve the integrity of the investigation, delaying public disclosure until October 12, 2022. Upon lifting this restriction, the organization proactively notified potentially affected individuals, even where not legally mandated, and directed inquiries to a dedicated data privacy portal. Forensic analysis and collaboration with external experts focused on enhancing system security to prevent recurrence, though specific technical details about the attack vector or containment procedures were not disclosed. Affected parties were advised to monitor personal accounts, update passwords regularly, and report suspicious activity to authorities, though the Church emphasized no confirmed misuse had been identified. The incident underscored the organization’s reliance on collected personal data for operational purposes, such as account management and employment, while highlighting ongoing efforts to safeguard confidential information through partnerships with cybersecurity professionals and regulatory compliance.