Religious and Community Organization Data Breaches
Data breaches and cyberattacks on religious and community organizations have become more common in recent years, with attacks on individual places of worship and nationwide faith-based organizations occurring at least once a year.
- January 30, 2026
- Why are Religious and Community Organizations Targets of Data Breaches?
- What To Do if Your Information Has Been Breached
- Consequences of Religious and Community Organization Data Breaches
- Notable Breaches in the Faith & Community Sector
- Frequently Asked Questions (FAQ)
- File a Data Breach Lawsuit Against a Religious or Community-Based Organization
- Key Takeaways
- Religious and community organizations, such as churches and faith communities, are increasingly being targeted by hackers and cybercriminals in data breaches.
- Hackers often target faith-based organizations due to their high volume of sensitive data and inadequate security measures.
- Like corporations and government agencies, faith-based organizations are required by law to notify members, volunteers, and staff if their personal information was compromised in a data breach.
- If your personal information was compromised in a data breach, you have a right to compensation, and Class Action U can connect you to experienced data breach lawyers who can help.
Although many people assume data-breach risk is limited to large corporations, government agencies, or financial institutions, faith-based and community organizations also hold sensitive personal data for members, donors, and volunteers, and are increasingly being targeted. These organizations often have fewer cybersecurity practices in place than large companies or government entities, making it easier for hackers to bypass protections and access sensitive data.
Why are Religious and Community Organizations Targets of Data Breaches?
Religious and community organizations are frequently targets of data breaches because they often store personal information, like names, dates of birth, contact information, and more, for a large number of individuals. They may also have limited security practices due to a lack of professionals and a reliance on volunteers. Some of the other reasons hackers may target religious and community organizations include:
- High‑sensitivity data in non‑profit settings: Membership, donor, volunteer, and youth group data can include names, addresses, dates of birth, payment history, and more sensitive information that hackers find valuable.
- Limited cybersecurity resources and reliance on volunteers: Many religious and community organizations operate on tight budgets or are funded solely by donations, leaving them with fewer resources to invest in formal IT security governance.
- Third‑party/vendor risk and digital donation membership platforms: Religious and community organizations often outsource donor or membership services like donation platforms to third-party vendors. If those vendors experience a breach, the donation information could be leaked.
What To Do if Your Information Has Been Breached
If your religious or community organization has been targeted by cybercriminals and your data has been compromised, take the following steps to protect yourself and your rights.
- Change passwords: Change the password on any affected accounts, including any accounts with the church or religious organization and any financial accounts.
- Sign Up for Free Credit Monitoring and Identity Protection: In many cases, the breached organization will offer 12 to 24 months of free credit monitoring and identity protection services to victims. These services include alerts about changes to your credit report, helping to detect any unauthorized activity.
- Monitor Financial Accounts: Regularly check your bank and credit card statements for any suspicious activity.
- Review Credit Reports: Obtain your free credit reports from the three major bureaus (Equifax, Experian, and TransUnion) and review them for any unfamiliar accounts or activities.
- Place a Fraud Alert or Credit Freeze: Consider placing a fraud alert or freezing your credit with the major credit bureaus to prevent anyone from opening accounts in your name without your consent.
- Report Suspicious Activity: If you notice any suspicious transactions or accounts, report them immediately to your financial institution and the relevant authorities.
- Consider Filing a Data Breach Lawsuit Against the Breached Organization: After your data is compromised in a breach, you may wish to file a lawsuit to hold the organization accountable and seek restitution for the damages.
Consequences of Religious and Community Organization Data Breaches
Data breaches can have a multitude of negative effects on victims, especially when particularly sensitive data, such as Social Security numbers and financial account information, is compromised. Some of the consequences of a data breach can include:
- Identity Theft – Stolen Social Security numbers and personal identifiers can be used to open fraudulent accounts.
- Financial Loss – Exposed credit card and banking details can lead to unauthorized transactions.
Notable Breaches in the Faith & Community Sector
Unfortunately, significant data breaches occur regularly in the United States, compromising the personal information of millions of people. In recent years, attacks on individual churches as well as entire religious organizations have caused harm to members, employees, dependents, and more.
First Baptist Church of Hammond – July 2025
In July 2025, cybercriminals from the ransomware group Rhysida claimed responsibility for a breach of the First Baptist Church of Hammond, Indiana. The attackers demanded a ransom of approximately 5 Bitcoin (~US$594,000). Data breached included names, Social Security numbers, government identification numbers, contact information, dates of birth, and health information.
First Presbyterian Church of Atlanta – July 2025
On July 31, 2025, the ransomware group Incransom announced they had attacked the First Presbyterian Church of Atlanta, Georgia, and threatened a leak of sensitive data unless negotiations began.
Young Life – June 2024
In December 2024, Young Life, a Colorado-based Christian organization, disclosed a significant data breach that affected over 51,000 people, including current and former employees and their dependents. The breach occurred in June 2024 and exposed names, Social Security numbers, financial information, and more sensitive information.
The Church of Jesus Christ of Latter‑day Saints – March 2022
A cyberattack on the Church of Jesus Christ of Latter-day Saints in March 2022 obtained the personal data of some church members, employees, and contractors. The breach did not include banking information or donation history, but may have included contact information, addresses, birth dates, and more.
GiveSendGo Donor Platform – April 2021, February 2022
GiveSendGo is an American Christian crowdfunding website that launched in 2015. It has been hacked several times, including in April 2021 and February 2022. The Anti-Defamation League has reported that GiveSendGo has hosted hundreds of fundraising campaigns tied to right-wing extremist groups and causes, allowing extremist groups to raise millions of dollars since 2016.
The 2021 cyberattack on GiveSendGo made donor information available to journalists and researchers, and the 2022 breaches exposed donor names for every campaign in the site’s history.
Frequently Asked Questions (FAQ)
Does My Church or Mosque Really Have Data That Matters To Hackers?
Yes, churches, temples, and mosques have data that can be extremely valuable to hackers. This may include donor and member lists, payment systems, volunteer info, and youth program data.
Are Faith-Based Organizations Legally Required To Notify Me if a Breach Happens?
U.S. data breach notification laws generally apply to organisations holding “personal information” of residents. Some rules apply to nonprofits just as they do to for-profit businesses, depending on the state you are in.
Can I Join a Class Action if My Religious Organization Was Breached?
Class-action or collective claims may arise if many individuals are affected by a data breach and negligence is found to have led to the breach and its consequences. Class Action U can help you assess your potential legal options if your information was exposed in a breach, including joining a class action lawsuit.
File a Data Breach Lawsuit Against a Religious or Community-Based Organization
Depending on the size of a data breach, victims may be able to file an individual data breach lawsuit or join or start a class action lawsuit. It’s crucial to speak with an experienced class action lawyer before filing, as they can help advise you on the best course of action.
If you’ve been affected by an issue that could potentially lead to a class action lawsuit but hasn’t yet, we encourage you to share your information with Class Action U. We’ll evaluate the situation to see if it warrants a class action filing. Reach out today to be connected with a lawyer experienced in data breach class action lawsuits for a free, non-obligatory consultation.