It has been reported that The Church of Jesus Christ of Latter-day Saints announced Thursday that unauthorised activity was detected on its computer systems that impacted the personal data of church members and employees, among others. The church stated it has been investigating the activity with law enforcement and cybersecurity experts to better understand the origin and scope of the incident.
Law enforcement authorities said they do not believe the information will be used to harm individuals, according to the church. The impacted data did not include donation history or any banking information from donors. Information that may have been breached included the full names of the church members and their basic contact information, email addresses, birthdates, mailing addresses, phone numbers and membership records.
Kudos to church officials for working with law enforcement agencies during its investigation of this cyberattack. While specifics are scant, it wouldn’t be surprising if ransomware played a part in this attack. In the cybercrime world, there is no honour amongst these thieves and they will continue to stoop to low levels for profit by attacking churches, schools, hospitals and other not-for-profit organisations. Overall, these threat groups are sociopaths that care more about personal wealth than community health. Unfortunately, Cybereason has seen a 2022 increase in attacks against non-profit organisations and it will likely increase in 2023. Cybereason’s advice is not to pay ransoms as it only further fuels the multi-billion dollar industry. I’d advise organisations to deploy endpoint detection and response software across all endpoints as it is one of the easiest ways to slow down ransomware.