Data breach affects thousands of Catholic workers in Michigan

DETROIT — Data thieves hacked into an employee database containing the personal information of thousands of Catholic workers across Michigan, exposing thousands to the possibility of identity theft, officials said.

The Michigan Catholic Conference, which administers payroll and benefits for lay employees of parishes, dioceses, schools, charities, hospitals and other Catholic organizations, sent letters to more than 10,000 affected employees last week warning them that information including names, Social Security numbers, dates of birth, addresses and wages were possibly subject to the cyberattack.

The attack did not affect bishops, clergy or religious, the conference said, whose pay and benefits are administered through a separate system.

Affected employees include about 200 members of the Archdiocese of Detroit’s Central Services, as well as many parishes and schools.

Paul A. Long, president and CEO of the conference, said in a letter to the employees that hackers were able to gain access to the information through a “sophisticated attack” on the conference’s human resources database.

“After reviewing the report from the Internet consulting firm, MCC immediately took out of operation and upgraded the password protected page that exchanges information with your employer,” Long said. “Social Security numbers were replaced with another identifier in the system and all dates of birth and addresses were removed.”

The conference is offering all affected employees one year’s worth of free identity protection through a local credit bureau, which includes insurance policies against fraudulent bank transfers and wage loss. Information on signing up for the service was included in the letter.

The conference has also set up a dedicated phone line with a data security firm for employees seeking more information at (877) 341-4607.

Employees concerned that they may be subject to identity theft were advised to consider placing a fraud alert with one of the three major credit reporting agencies — Experian, Equifax or TransUnion — to scrutinize new credit applications. Some financial experts also recommend placing a security freeze on credit files for a small fee to prevent new accounts from being opened as well as possibly changing bank account numbers and requesting new debit and credit cards.