Cyber Incident Victim: Catholic United Financial

On or around September 6, 2017, Arden Hills-based Catholic United Financial, a financial services provider serving Catholic Church members in the upper Midwest, disclosed a data breach affecting approximately 130,000 current and former members. An unidentified hacker gained unauthorized access to member information stored by the organization. The compromised data included individuals' first and last names, mailing addresses, dates of birth, email addresses, insurance policy information, and Social Security numbers. The breach did not extend to beneficiary information, account log-in credentials, or other unspecified categories of sensitive data. Catholic United Financial did not publicly disclose the exact timeframe during which the unauthorized access occurred or the specific methods used by the attacker to penetrate their systems. The organization confirmed the incident through its disclosure but did not provide technical details regarding how the breach was detected or whether external cybersecurity experts were involved in the investigation.

The breach exposed highly sensitive personal information that could facilitate identity theft and financial fraud against affected individuals. With Social Security numbers and insurance policy details compromised, victims faced elevated risks of credential-based attacks and insurance fraud. The geographic concentration of affected members in the upper Midwest region increased localized identity theft concerns. Catholic United Financial did not publicly outline specific remediation measures offered to victims beyond standard breach notifications, nor did they disclose whether they implemented additional security controls following the incident. The organization emphasized that core financial account credentials remained secure, potentially limiting immediate unauthorized transaction risks. No information was released regarding regulatory investigations, legal actions, or financial losses stemming from the breach.