Friday, 14 October 2022

FamilySearch suffered data breach in March 2022

Received by email this morning from FamilySearch (www.familysearch.org): 

Dear Account Holder:

FamilySearch International, a Utah nonprofit corporation (“FSI”), detected an unauthorized network intrusion that affected personal data you previously provided. At this time, there is no indication that the data has been or is likely to be used for fraudulent or other harmful purposes. The affected data did not include users’ family tree data. We are notifying you and others worldwide whose data may have been affected, even where this is not legally required.

What Happened?
On March 23, 2022, we detected unauthorized access to certain computer systems. We immediately notified federal law enforcement authorities in the United States. We were asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on October 12, 2022.

Who Committed the Intrusion?
FSI cannot determine the identity of the unauthorized person who may have accessed or acquired your personal data. U.S. federal law enforcement authorities suspect that this intrusion was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world that are not intended to cause harm to individuals. The forensic investigators who assisted in investigating the security breach have not detected any further unauthorized access or activity since April 3, 2022.

What Information Was Affected?
The breached FSI systems contain personal data, including basic contact information, of users of the FamilySearch website. The data that was accessed may include, if you provided it, your username, full name, gender, email address(es), birthdate, mailing address, phone number(s), and preferred language.

What Are We Doing?
We have been working with external forensic experts, U.S. federal law enforcement authorities, and other cybersecurity professionals to investigate the incident and further enhance the security of FSI’s systems. We also have notified data protection authorities, including, for example, the supervisory authority in Germany, where FSI’s representative under Art. 27 GDPR is based.

What Can You Do?
We have no indication that any of your personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. You should promptly report to law enforcement authorities any fraudulent activity, scam, or identity theft.

* FamilySearch has more on this at https://newsroom.churchofjesuschrist.org/article/data-incident

Chris

My new book Tracing Your Irish Ancestors Through Land Records is now available to buy at https://bit.ly/IrishLandRecords. Also available - Sharing Your Family History Online, Tracing Your Scottish Family History on the Internet, Tracing Your Irish Family History on the Internet (2nd ed), and Tracing Your Scottish Ancestry Through Church and State Records - to purchase, please visit https://bit.ly/ChrisPatonPSbooks. Further news published daily on The Scottish GENES Facebook page, and on Twitter @genesblog.

No comments:

Post a Comment