ChurchShield Data Breach Exposes Social Security Numbers

ChurchShield, a company specializing in outsourced solutions for churches and ministries, recently experienced a significant data breach. The breach occurred between August 26, 2023, and September 14, 2023, during which unauthorized access to the company’s network was identified. ChurchShield discovered the breach on December 1, 2024, after conducting an extensive investigation with outside cybersecurity professionals.

The breach exposed sensitive personal information of individuals connected to ChurchShield’s services, including data related to accounting, tax, and payroll services provided to churches.

The following types of consumer information were potentially accessed and removed:

• Full name
• Social Security number
• Bank account information
• Date of birth

While the total number of individuals affected nationwide has not been disclosed, at least one individual in Maine was confirmed to have been impacted. ChurchShield disclosed the breach to the Maine Attorney General's office and the Vermont Attorney General's office on December 30, 2024. Affected consumers were notified via written communication on December 27, 2024.

The breach is severe due to the nature of the information compromised, which could potentially be used for identity theft or financial fraud. ChurchShield has not reported any confirmed instances of misuse of the stolen data as of now.

ChurchShield's response

Upon discovering the breach, ChurchShield immediately launched an investigation with the help of external cybersecurity experts. Their investigation aimed to determine the scope of the breach and identify the information that had been compromised. The company has since implemented enhanced security measures to protect its systems and prevent future incidents.

As part of its response, ChurchShield is offering affected individuals a complimentary membership to Equifax® Credit Watch™ Gold. This service includes credit monitoring, identity restoration assistance, and up to $1,000,000 in identity theft insurance coverage. Details on how to enroll in this service were provided in the notification letter sent to consumers.

Affected by the data breach?

If you have received a notification from ChurchShield regarding this breach, it is important to take immediate steps to protect yourself. Here’s what you should do:

1. Enroll in the free credit monitoring service: Follow the instructions provided in the notification letter to activate your complimentary Equifax® Credit Watch™ Gold membership before the enrollment deadline.
2. Place a fraud alert on your credit file: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to request a fraud alert. This will notify creditors to take extra steps to verify your identity before opening new accounts.
3. Consider placing a security freeze on your credit report: A security freeze prevents creditors from accessing your credit report without your permission, making it harder for identity thieves to open accounts in your name.
4. Monitor your financial accounts: Regularly review your bank statements, credit card statements, and other financial accounts for unauthorized transactions or suspicious activity.
5. Request your free credit reports: Visit AnnualCreditReport.com or call 1-877-322-8228 to request your free credit reports. Review them for any discrepancies or accounts you didn’t open.
6. Stay vigilant: Be cautious of phishing attempts or fraudulent communications that may attempt to exploit the breach. Do not share sensitive information with unknown parties.
7. Report suspicious activity: If you notice any signs of identity theft or fraud, file a report with your local law enforcement and the Federal Trade Commission (FTC) at IdentityTheft.gov.

By taking these proactive steps, you can reduce the risk of identity theft and financial fraud.