A database maintained by a third-party vendor for The Archdiocese of Denver containing the personal identifiable information of 18,000 former and current employees and their dependents was accessed by an unauthorized person in October 2015, several of the victims have already reported having their information used for fraudulent purposes.

How many victims?  Possibly 18,000, according to the Denver Post.

What type of information? The names, social security numbers and addresses of those in the database may have been exposed.

What happened? In late October 2015 the archdiocese became aware that an unauthorized person had accessed its payroll database. In November it notified the small number of individuals it believed at the time were the only people exposed, but since then more people, who were not on the initial notification list, have come forward saying tax returns had been filed in their name. The archdiocese then decided to inform everyone contained on the list that their information may have been compromised.

What was the response? The archdiocese has been investigating the incident and making certain the system used to maintain its database is secure. This is being done through a consulting firm. Additionally, the incident was reported to the Colorado Bureau of Investigation. The archdiocese is also making credit reporting services available along with identity repair assistance.

Details? The archdiocese does not know exactly how the data breach occurred, just that accessed was gained through the vendor that maintains its payroll system.

Quote? “Since first learning of the incident, we have been working with the Archdiocese’s third-party payroll provider to understand how the incident occurred and the potential number of impacted employees, and to ensure that the integrity of our data is restored. In addition, we added additional security measures to hopefully prevent similar incidents in the future.”

Source: Archdiocese of Denver