Our Sunday Visitor, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Our Sunday Visitor, Inc. (OSV), a Catholic publishing company, experienced a data breach that was first identified on March 8, 2023, when suspicious activity was detected on their network. The company took immediate steps to secure its systems and launched an investigation with the help of third-party forensic specialists. The investigation revealed that an unknown actor had acquired certain files from OSV’s network, which contained sensitive information for certain individuals[1][3].
The data breach at OSV involved sensitive personal identifiable information and protected health information belonging to over 2,700 individuals. The types of information that may have been compromised include names, Social Security numbers, addresses, dates of birth, driver’s license numbers, financial account numbers, treatment information, diagnosis and condition information, and health plan enrollment numbers[3].
OSV began contacting individuals potentially impacted by the breach on May 16, 2023, and offered credit monitoring and identity theft restoration services for 24 months through Experian. They encouraged individuals to remain vigilant against identity theft and fraud, to review their account statements and explanation of benefits forms for suspicious activity, and to monitor their credit reports[3][5].
The breach at OSV is part of a broader trend of cybercrime groups targeting religious institutions, which is somewhat unusual as these groups typically focus on corporations and government agencies. The Karakurt data extortion group claimed responsibility for the attack on OSV, stating they had stolen 130 gigabytes of data, including accounting documents, HR information, employee data, financial contracts, invoices, and marketing information[2][9].
OSV has stated that they have seen no evidence of misuse of any information related to this incident. They have also notified law enforcement and are in the process of finalizing their review of the affected data[1]. The company has a long history, having been founded in 1912, and is the largest provider of church envelopes and one of the largest Catholic publishers in the world[1][3].
Citations:
- https://www.oursundayvisitor.com/osv-launches-comprehensive-investigation-after-suspicious-activity-found-on-network/
- https://therecord.media/cybercrime-groups-find-new-target-churches
- https://www.turkestrauss.com/2023/05/18/our-sunday-visitor-data-breach-investigation/
- https://www.osvnews.com/terms/
- https://fox59.com/indiana-news/indiana-religious-magazine-publishing-company-announces-subscriber-data-leak/
- https://dojmt.gov/consumer/databreach/
- https://www.mass.gov/doc/assigned-data-breach-number-29615-our-sunday-visitor-inc/download
- https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml
- https://www.scmagazine.com/brief/cyberattacks-hit-religious-organizations
- https://hackmanac.com/news/hacks-of-today-29-30-04-01-05-2023
- https://apps.web.maine.gov/online/aeviewer/ME/40/7a3c9fe4-5be4-43ee-91ea-5ef1fccedcbc.shtml
- https://catholicreview.org/church-militant-says-founder-michael-voris-asked-to-resign-for-breach-of-morality-clause/
- https://www.osv.com/about-osv/announcements/
- https://www.oursundayvisitor.com/lay-groups-use-of-data-to-root-out-clergy-sexual-misconduct-draws-concern/