Menu
In the News

Church issues statement on account data incident affecting some members, employees

The March 2022 incident did not include ‘donation history or any banking information associated with online donations’

merlin_1610985.jpg

The Church Office Building of The Church of Jesus Christ of Latter-day Saints. The Church issued a statement on Thursday, Oct. 13, on an account data incident that occurred earlier this year.

Deseret News archives


Church issues statement on account data incident affecting some members, employees

The March 2022 incident did not include ‘donation history or any banking information associated with online donations’

merlin_1610985.jpg

The Church Office Building of The Church of Jesus Christ of Latter-day Saints. The Church issued a statement on Thursday, Oct. 13, on an account data incident that occurred earlier this year.

Deseret News archives

The Church of Jesus Christ of Latter-day Saints released information today about an account data incident that occurred earlier this year affecting “the personal data of some Church members, employees, contractors and friends,” but did not include “donation history or any banking information associated with online donations.”

“Protecting the confidential information of our members, employees, contractors and friends is critical,” wrote Church leaders in the statement, released Thursday, Oct. 13. “We continue to do all we can to ensure such information is safeguarded.”

In late March 2022, the Church detected unauthorized activity in certain computer systems, according to the statement.

“Since that time, we have been working with U.S. federal law enforcement authorities and third-party cybersecurity experts to establish the origin, nature and scope of this incident and to mitigate possible impacts. Law enforcement authorities believe the risk that the information will be used to harm individuals is low and our monitoring efforts have not identified any attempts of harmful use,” leaders wrote in the statement.

“At the request of these law enforcement authorities, we have not shared information about the incident as they have conducted their investigation until Oct. 12, 2022.

“We are now notifying those who may have been impacted, even where this is not legally required. Anyone with questions about the security of their information can learn more by referencing the frequently asked questions below.”

Following are the question and answers from the Church regarding the incident:

1. What happened?

“On March 23, 2022, The Church of Jesus Christ of Latter-day Saints, a Utah corporation sole (CHC), detected unauthorized access to certain computer systems. We immediately notified federal law enforcement authorities in the United States and were asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on Oct. 12, 2022, and we notified affected individuals. U.S federal law enforcement authorities suspect that this intrusion was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world that are not intended to cause harm to individuals.”

2. What personal information was affected?

“The breached systems contain personal data, including basic contact information, of members of The Church of Jesus Christ of Latter-day Saints. The data accessed may include, if you provided it, your username, membership record number, full name, gender, email address(es), birthdate, mailing address, phone number(s) and preferred language. The affected data did not include donation history, or any banking information associated with online donations.”

3. Who can I talk to about this?

If you have further questions or concerns, please call:

Engagement Number: B058764

In the United States

English toll-free number: 1-833-559-0435

Spanish toll-free number: 1-833-559-0612

Monday–Friday, 7 a.m.–9 p.m. Mountain Time; Saturday and Sunday, 9 a.m.–6 p.m., excluding major U.S. holidays.

Find international contact information here.

4. What is the Church doing to prevent this from happening again?

“We take protecting the personal data entrusted to us seriously and are taking every action to keep your information safe. We have been working with external forensic experts, U.S. federal law enforcement and other cybersecurity professionals to investigate the incident and further enhance the security of Church systems.”

5. What steps do I need to take?

“We have no indication that any of your personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. You should promptly report to law enforcement authorities any fraudulent activity, scam or identity theft.”

6. Why did the Church have my data?

“The personal data involved was the result of the creation of an online Church account or the result of employment with the Church.”

7. Did you report this to a data regulator or data protection authority?

“We have notified relevant data protection authorities.”

8. How can I find out if my personal data was involved?

“If you did not receive a notification email, it is unlikely your personal data was involved.”

9. Why did it take so long to notify me?

“The Church was coordinating with law enforcement authorities and was asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on Oct. 12, 2022.”

Newsletters
Subscribe for free and get daily or weekly updates straight to your inbox
The three things you need to know everyday
Highlights from the last week to keep you informed