Cyberattack targets LDS Church, accesses info of some members and employees

Feds suspect a state-sponsored hit; Utah-based faith says personal financial data was untouched.

The Church of Jesus Christ of Latter-day Saints reported Thursday that some of its computer systems — which included personal data of some members, employees, contractors and friends — were breached on March 23.

The compromised materials “did not include donation history or any banking information,” according to a news release.

Officials at the Utah-based church, with a global membership of 16.8 million, have been working with U.S. law enforcement authorities and third-party cybersecurity experts, the release added, “to establish the origin, nature and scope of this incident and to mitigate possible impacts.”

These experts believe the risk that the information will be used to harm individuals “is low,” the church said, and they have not yet identified any attempts of harmful use.

Federal officials suspect that this intrusion “was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world,” the church said, “that are not intended to harm individuals.”

The reason this is all coming to light now is because law enforcement asked the church not to share information about the breach to protect the investigation. That request was removed on Oct. 12.

The church is now notifying affected individuals, alerting them the personal data may include usernames, membership record numbers, full name, gender, email address, birthdate, mailing address, phone numbers and preferred language. It also is urging them to be vigilant in monitoring their personal accounts.

“Protecting the confidential information of our members, employees, contractors and friends is critical,” the release said. “We continue to do all we can to ensure such information is safeguarded.”