Info of 10,000 Employees Compromised Though the Michigan Catholic Conference Security Breach
Security breaches: they’re affecting nearly every single business, government organization, and individual person in the U.S. today. And the latest data breach in Michigan showed that local churches are not excused from these threats anymore.
On August 28, it was discovered that hackers infiltrated the system of the Michigan Catholic Conference, a Catholic agency in Lansing that covers payroll processing and employee benefits for businesses across the state. According to theDetroit Free Press, the Michigan Catholic Conference sent letters to more than 10,000 employees on Friday informing them that their personal information had been compromised in the cyber attack.
The company stated that it would pay for a year-long membership to a subscription identity-protection service for each of the employees.
This service provides insurance policies worth up to $1 million, covering everything from lost wages to possible fraudulent charges made on an individual’s stolen card number. The policy even covers the cost of a private investigator, the Royal Oak Patch stated, should someone need these services if they are targeted following the release of their personal information.
As common as security breaches have become in the past few years, cyber analysts have found that this personal information is actually, in many cases, more valuable than credit card numbers; data for a single individual can be packaged and sold on the web, giving buyers the flexibility of targeting a person via multiple platforms.
It’s also the smallest mistakes that companies make, unintentionally, which tend to result in security threats. Something as simple as bundling important company info in one Administrator account — and then locking that account with a weak and predictable password — is responsible for an estimated 80% of all security breaches.
For the Michigan Catholic Conference, the hackers appear to have broken through agency’s computer system firewall and access each employee’s name, Social Security number, birth date, address, and annual salary. The company has already placed new security features into the system so that anyone trying to access the data now will get a series of numbers rather than coherent information.