Last Updated on 17 October 2022 by Daniel
Just received the following email from FamilySearch (https://www.familysearch.org/en/). Funny thing is that I do not recall signing up on that website. Not saying I didn’t, probably just slipped my mind. Anyways, email follows:
|Important information about your FamilySearch Account|
Engagement No. B058763
|Dear Account Holder:|
FamilySearch International, a Utah nonprofit corporation (“FSI”), detected an unauthorized network intrusion that affected personal data you previously provided. At this time, there is no indication that the data has been or is likely to be used for fraudulent or other harmful purposes. The affected data did not include users’ family tree data. We are notifying you and others worldwide whose data may have been affected, even where this is not legally required.
On March 23, 2022, we detected unauthorized access to certain computer systems. We immediately notified federal law enforcement authorities in the United States. We were asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on October 12, 2022.
Who Committed the Intrusion?
FSI cannot determine the identity of the unauthorized person who may have accessed or acquired your personal data. U.S. federal law enforcement authorities suspect that this intrusion was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world that are not intended to cause harm to individuals. The forensic investigators who assisted in investigating the security breach have not detected any further unauthorized access or activity since April 3, 2022.
What Information Was Affected?
The breached FSI systems contain personal data, including basic contact information, of users of the FamilySearch website. The data that was accessed may include, if you provided it, your username, full name, gender, email address(es), birthdate, mailing address, phone number(s), and preferred language.
What Are We Doing?
We have been working with external forensic experts, U.S. federal law enforcement authorities, and other cybersecurity professionals to investigate the incident and further enhance the security of FSI’s systems. We also have notified data protection authorities, including, for example, the supervisory authority in Germany, where FSI’s representative under Art. 27 GDPR is based.
What Can You Do?
We have no indication that any of your personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. You should promptly report to law enforcement authorities any fraudulent activity, scam, or identity theft.
For More Information
If you have further questions or concerns, please call:
• In the United States: toll-free (833) 559-0435, Monday through Friday, 7:00 a.m.–9:00 p.m. Mountain Time (MT); Saturday and Sunday, 9:00 a.m.–6:00 p.m. MT (excluding major U.S. holidays).
• Outside the United States: toll +1 (346) 278-3020, Monday through Friday, 7:00 a.m.–9:00 p.m. Mountain Time (MT); Saturday and Sunday, 9:00 a.m.–6:00 p.m. MT (excluding major U.S. holidays).
o United Kingdom English toll-free number: +44 (0800) 408 1788, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
o Brazil English toll-free number: +55-0800-450-0035, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
o Philippines English toll-free number: +63-1800-13120083, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
o Australia English toll-free number: +61 (1800) 434165, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
o New Zealand English toll-free number: +64 800-445108, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)
FSI has contracted Experian, an industry leader in data security response, to receive these calls. Be prepared to provide your engagement number: B058763.
We take protecting the personal data entrusted to us seriously and are taking every action to keep your information safe. We regret any inconvenience or concern this incident may have caused.
Data Privacy Office
FamilySearch International, a Utah nonprofit corporation