(Updated July 13, 5 p.m.)
A data breach occurred at the International Mission Board (IMB) that may have exposed personal information of current and former employees, volunteers and applicants. The Southern Baptist entity launched a “comprehensive response” immediately upon discovering the cyber security incident and promptly notified law enforcement officials, according to a statement released to the Biblical Recorder on July 12.
The IMB began contacting individuals potentially affected by the “unauthorized intrusion” on July 6, offering free enrollment in an identity protection and credit monitoring program, as well as access to a toll-free call center for inquiries and assistance.
Reports from multiple people who have received information through the designated hotline suggest the number of those impacted by the breach could reach into the hundreds of thousands.
One of the letters mailed to potentially affected individuals was obtained by the Recorder. It said the IMB "discovered unusual activity in our IT network" on April 11.
Investigations by law enforcement and independent digital forensic experts are ongoing, the IMB said. Investigators confirmed to the IMB that an “unknown external actor” gained access to personnel records that contained names, addresses, birth dates, contact information, Social Security numbers and limited health information.
The breach did not affect the IMB’s financial systems, email systems or operational records, the statement said. IMB officials have received no indication the compromised data has been misused.
The IMB said it “deeply regrets any inconvenience or concern this security compromise may cause” and emphasized that newly implemented protections “will improve our ability to detect and respond to threats to our data networks.”