Our Sunday Visitor, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Our Sunday Visitor, Inc. (OSV), a Catholic publishing company, experienced a data breach that was first identified on March 8, 2023, when suspicious activity was detected on their network. The company took immediate steps to secure its systems and launched an investigation with the help of third-party forensic specialists. The investigation revealed that an unknown actor had acquired certain files from OSV’s network, which contained sensitive information for certain individuals[1][3].

The data breach at OSV involved sensitive personal identifiable information and protected health information belonging to over 2,700 individuals. The types of information that may have been compromised include names, Social Security numbers, addresses, dates of birth, driver’s license numbers, financial account numbers, treatment information, diagnosis and condition information, and health plan enrollment numbers[3].

OSV began contacting individuals potentially impacted by the breach on May 16, 2023, and offered credit monitoring and identity theft restoration services for 24 months through Experian. They encouraged individuals to remain vigilant against identity theft and fraud, to review their account statements and explanation of benefits forms for suspicious activity, and to monitor their credit reports[3][5].

The breach at OSV is part of a broader trend of cybercrime groups targeting religious institutions, which is somewhat unusual as these groups typically focus on corporations and government agencies. The Karakurt data extortion group claimed responsibility for the attack on OSV, stating they had stolen 130 gigabytes of data, including accounting documents, HR information, employee data, financial contracts, invoices, and marketing information[2][9].

OSV has stated that they have seen no evidence of misuse of any information related to this incident. They have also notified law enforcement and are in the process of finalizing their review of the affected data[1]. The company has a long history, having been founded in 1912, and is the largest provider of church envelopes and one of the largest Catholic publishers in the world[1][3].

Citations:

  1. https://www.oursundayvisitor.com/osv-launches-comprehensive-investigation-after-suspicious-activity-found-on-network/
  2. https://therecord.media/cybercrime-groups-find-new-target-churches
  3. https://www.turkestrauss.com/2023/05/18/our-sunday-visitor-data-breach-investigation/
  4. https://www.osvnews.com/terms/
  5. https://fox59.com/indiana-news/indiana-religious-magazine-publishing-company-announces-subscriber-data-leak/
  6. https://dojmt.gov/consumer/databreach/
  7. https://www.mass.gov/doc/assigned-data-breach-number-29615-our-sunday-visitor-inc/download
  8. https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml
  9. https://www.scmagazine.com/brief/cyberattacks-hit-religious-organizations
  10. https://hackmanac.com/news/hacks-of-today-29-30-04-01-05-2023
  11. https://apps.web.maine.gov/online/aeviewer/ME/40/7a3c9fe4-5be4-43ee-91ea-5ef1fccedcbc.shtml
  12. https://catholicreview.org/church-militant-says-founder-michael-voris-asked-to-resign-for-breach-of-morality-clause/
  13. https://www.osv.com/about-osv/announcements/
  14. https://www.oursundayvisitor.com/lay-groups-use-of-data-to-root-out-clergy-sexual-misconduct-draws-concern/
Breach Submission Date May 05, 2023
Converted Entity Name Our Sunday Visitor, Inc.
Converted Entity Type Health Plan
State IN
Individuals Affected 965
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes