A data breach at the Southern Baptist Convention International Mission Board may have unlocked personal information about thousands of current and former employees, volunteers and applicants.
The IMB notified potentially impacted individuals July 6 that a data file hacked in April contained names, contact information, birth dates and possibly “limited health information” collected as part of the initial application process to serve the missionary-sending agency in various ways.
An IMB spokesperson declined Aug. 1 to say how many letters were sent, citing an ongoing investigation by law enforcement, but state attorney general offices in California, Iowa and New Hampshire reported that more than 5,000 individuals may have been affected in those three states alone.
The IMB, which deploys two thirds of its more than 3,500 missionaries in assignments with security levels of cautious or restricted communication, said the data breach did not affect financial systems, e-mail or operational records.
While no reports of misusing the data have been received, an IMB statement said “out of an abundance of caution” the agency would provide free support services including credit monitoring and identity protection to anyone whose data might have been made vulnerable.
“Since investigators were unable to determine access to any specific individual records, all individuals whose information was contained in the exposed data file have been mailed a notification letter,” the statement said in part. The agency established a toll-free call center to answer questions and assist with enrollment for the precautionary measures.
Just this year data security breaches have exposed records at businesses including SunTrust, Jason’s Deli, Lord & Taylor and the Sacramento Bee. In March the active-wear company Under Armour reported 150 million accounts for a diet and fitness app were compromised in one of the biggest hacks in history.
While such large-scale attacks draw headlines, experts say non-profits are at just as much risk of data breaches as big for-profit companies. Smaller non-profits are most vulnerable because they often lack resources to make cyber security a high priority.
The International Mission Board said the security issue has been resolved and apologized for “any inconvenience or concern this security compromise may cause.”
“The company takes very seriously our responsibility to protect the information entrusted to us,” the IMB statement said. “We already have implemented new security technologies around our most sensitive systems and data, which will improve our ability to detect and respond to threats to our data networks.”