Seven months after it came upon, FamilySearch tells customers their private knowledge has been breached • Graham Cluley

0
209
Seven months after it came upon, FamilySearch tells customers their private knowledge has been breached • Graham Cluley


Seven months after it came upon, FamilySearch tells customers their private knowledge has been breached • Graham Cluley

Earlier this month, family tree web site FamilySearch introduced that hackers had damaged into its programs and stolen private knowledge about its customers.

The website, which is run by the Church of Latter-Day Saints (higher generally known as the Mormons) and describes itself as “the world’s largest shared family tree”, knowledgeable affected customers through e-mail on 13 October 2022 about its knowledge breach.

The e-mail begins:

Dear Account Holder:

FamilySearch International, a Utah nonprofit company (“FSI”), detected an unauthorized community intrusion that affected private knowledge you beforehand offered. At this time, there is no such thing as a indication that the information has been or is probably going for use for fraudulent or different dangerous functions. The affected knowledge didn’t embrace customers’ household tree knowledge. We are notifying you and others worldwide whose knowledge might have been affected, even the place this isn’t legally required.

Yes, they’re notifying of us whose knowledge might have been affected, “even where this is not legally required.”

That’s good of them.

But cling on, learn a little bit additional…

“On March 23, 2022, we detected unauthorized access to certain computer systems. We immediately notified federal law enforcement authorities in the United States. We were asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on October 12, 2022.”

Umm.. so the hackers stole – amongst different knowledge – customers’ full names, genders, e-mail addresses, delivery dates, mailing addresses, telephone numbers (all helpful data that may be exploited by scammers)… however FamilySearch was requested to maintain schtum about it.

But don’t fear…

The affected knowledge didn’t embrace customers’ household tree knowledge.

So your nice nice nice grandmother doesn’t have something to fret about.

Sign as much as our publication
Security information, recommendation, and ideas.

FamilySearch says it can’t decide who hacked its programs, however that US legislation enforcement authorities suspect the intrusion was “part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world that are not intended to cause harm to individuals.”

So there you go, nothing to fret about…

Which is simply as nicely, since you’ll have a hell of a time altering your title, gender, delivery date and many others…

But significantly, shouldn’t affected customers have been instructed sooner? Should legislation enforcement businesses be capable of delay members of the general public being instructed that their private data could also be within the palms of fraudsters and cybercriminals for over half a yr?

It seems that FamilySearch customers weren’t the one ones who had their knowledge stolen. It seems the identical hackers additionally hit the family tree website’s homeowners, the Mormon Church, stealing the private particulars of church members, workers, contractors, and pals. 

Found this text attention-grabbing? Follow Graham Cluley on Twitter to learn extra of the unique content material we submit.



Graham Cluley is a veteran of the anti-virus business having labored for quite a few safety firms for the reason that early Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an impartial safety analyst, he often makes media appearances and is an international public speaker on the subject of pc safety, hackers, and on-line privateness.

Follow him on Twitter at @gcluley, or drop him an e-mail.



LEAVE A REPLY

Please enter your comment!
Please enter your name here