Catholic Diocese of Cleveland reports data breach caused by compromised email account

The Catholic Diocese of Cleveland is reporting a data breach involving unauthorized access to an employee's email account, which resulted in exposure of sensitive information for certain individuals.

Th breach was detected on January 12, 2024. Upon discovering the breach, the Diocese of Cleveland secured its email environment and initiated an investigation with the assistance of third-party cybersecurity experts.

The investigation concluded that the email account had been accessible by an unauthorized party from December 14, 2023, to January 12, 2024 and that confidential personal data was compromised. The compromised data includes:

• names,
• dates of birth,
• Social Security numbers,
• taxpayer identification numbers,
• financial account details,
• routing numbers,
• driver’s license numbers,
• health insurance information,
• passport numbers.

The number of affected individuals is not disclosed.

The Diocese began sending out notification letters on April 22, 2024, to all affected individuals, advising them of the breach and the specific types of personal information that were compromised.