Information About Recent Cyber Attack and Data Breach

If you received a letter from Michigan Catholic Conference about this matter it is likely your employer was among those units impacted by the cyber-attack. While MCC cannot say for sure if the personal data was taken, our Information Technology security consultant believes it is likely that the data was compromised.

Michigan Catholic Conference has contracted with Experian, one of the leading national experts in credit monitoring and identity theft protection, to provide you with one year of credit monitoring at no cost to you. It is highly recommended that you contact Experian as soon as possible to begin your credit monitoring services. They can be reached at 877- 371-7902 or www.protectmyid.com/redeem using the Engagement Number and Activation Code found in the upper right hand corner of the MCC letter.

No, only those who were potentially impacted by the data breech and notified directly via an MCC letter sent through the U.S. postal service are eligible to receive the Experian credit monitoring and identity theft protection service.

As soon as a suspicious file was detected hiding deeply on the MCC website it was deleted and the server that hosts the site locked down external access. MCC IT staff contacted its Information Technology consultant and within a few days the company reported its findings to MCC. Immediately upon learning of the data breach the website that exchanges human resource data with your employer was taken down and all personal identifiers were removed.

Michigan Catholic Conference has established with your employer a password-protected, encrypted webpage that allows human resource information to be transmitted. The data was not only encrypted and password-protected, it also sits behind a firewall system that is considered among the best in the industry. Personal data is necessary to ensure information is accurately attributed to each employee. The cyber-attack that impacted the Michigan Catholic Conference web server was sophisticated and able to gather information in a highly discreet manner.

All personal data has been removed from the human resource transmission site. Social security numbers and dates of birth are being replaced with a different identifier. All employers that access the benefits site will be given a new user name and password. There will be heightened scrutiny of the MCC server that hosts the website where human resource information is transmitted.

Cyber-attacks and hackers have become more common in recent years and have been able to penetrate the most secure systems in the country. National entities that have had their servers attacked and data breached recently include Home Depot, Target, TJ Maxx, UPS, the State of New York, Staples and, just last month, the United States Office of Personal Management. Many of these attacks come from out of the country, where hackers are able to disguise their Internet Address in a manner that provides them with almost virtual anonymity.

Not every employee that works for a Catholic entity in the state was impacted by this breach. However, there were over 10,000 employees who were potentially impacted. The best way of knowing if you yourself were impacted is if you receive a letter from Michigan Catholic Conference. If you receive a letter then your personal information was likely breached.

No. MCC does not collect this information for clergy.

Yes, 2014 and 2015 retirees whose human resource data was present on the Wage Entry System while they were still employed may be impacted. Similarly, retirees who are also active part-time employees are potentially impacted if their data was submitted to the MCC by the employer through the Wage Entry System. The surest way to know if you, as a retiree, were impacted by the data breach is if you receive a letter at your home from Michigan Catholic Conference. No banking information for any employee was breached.

Yes, approximately 60 of the data records breached were employees under the age of 18. MCC has sent a second letter to the parents/legal guardian of the minor employees. Because of their age, Experian is offering to the family of the minor one year of its FamilySecure credit monitoring and identity theft protection service. The parent or guardian of the minor must enroll in this service by December 31, 2015. Enrollment can take place at www.familysecure.com/enroll using the Activation Code in the upper corner of the second MCC letter. Those wishing to contact Experian over the phone can do so at 888-276-0529 using the Engagement Number also in the upper corner of the second MCC letter. Both the Activation Code and Engagement Number replace those listed in the first MCC letter dated August 25.

No. The MCC website that was hacked exchanges information only with the employer about the employee.

There were no bank account numbers, credit card information or other personal banking information in the MCC system. According to our IT consultant, there is a likelihood that the data that was present, such as social security number, date of birth and address, was breached. However, MCC has no way of knowing if those personal identifiers have been or will be used by data hackers.

With the increased number of businesses, organizations and government agencies that are experiencing data breaches more and more people are being impacted, sometimes for a second or even a third time. Michigan Catholic Conference has established a dedicated telephone line with Epiq Systems for potentially impacted employees to ask this or any other specific question about data breaches and identity theft. Epiq Systems is an international data security firm and is ready to help employees with any questions they may have. Epiq can be contacted at 877-341-4607.