FamilySearch Account Data Incident

06d10fac9748e5e00190be6f977ee2afd448de77[1].jpeg

In late March 2022, FamilySearch International detected unauthorized activity in certain computer systems that affected personal data of some FamilySearch.org registered users. The affected data did not include users’ family tree data.

Since that time, we have been working with U.S. federal law enforcement authorities and third-party cybersecurity experts to establish the origin, nature, and scope of this incident and to mitigate possible impacts. Law enforcement authorities believe the risk that the information will be used to harm individuals is low and our monitoring efforts have not identified any attempts of harmful use.

At the request of these law enforcement authorities, we have not shared information about the incident as they have conducted their investigation until October 12, 2022.

We are now notifying those who may have been impacted, even where this is not legally required. Anyone with questions about the security of their information can learn more by referencing the frequently asked questions below.

Protecting the confidential information of our users is critical. We continue to do all we can to ensure such information is safeguarded.

Frequently Asked Questions

What happened?

On March 23, 2022, FamilySearch International detected unauthorized access to certain computer systems. We immediately notified federal law enforcement authorities in the United States and were asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on October 12, 2022, and we are notifying affected individuals. U.S. federal law enforcement authorities suspect that this intrusion was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments around the world that are not intended to cause harm to individuals.

What personal information was affected?

The breached systems contain personal data, including basic contact information, of users of the FamilySearch website. The data accessed may include, if you provided it, your username, full name, gender, email address(es), birthdate, mailing address, phone number(s), and preferred language. The affected data did not include users’ family tree data.

Who can I talk to about this?

If you have further questions or concerns, please call:
Engagement Number: B058766

In the United States:

English toll-free number: 1-833-559-0435
Spanish toll-free number: 1-833-559-0612

Monday–Friday, 7:00 a.m.–9:00 p.m. Mountain Time (MT); Saturday and Sunday, 9:00 a.m.–6:00 p.m. (MT), excluding major U.S. holidays.

Outside the United States:

Outside the United States: toll +1 (346) 278-3020, Monday through Friday, 7:00 a.m.–9:00 p.m. Mountain Time (MT); Saturday and Sunday, 9:00 a.m.–6:00 p.m. MT (excluding major U.S. holidays).

United Kingdom English toll-free number: +44 (0800) 408 1788, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)

Philippines English toll-free number: +63-1800-13120083, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)

Australia English toll-free number: +61 (1800) 434165, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)

New Zealand English toll-free number: +64 800-445108, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)

Portuguese toll-free number: +55-0800-450-0035, Monday through Friday, 8:00 a.m.–6:00 p.m. (BT); Saturday and Sunday, 8:00 a.m.–5:00 p.m. (BT)

German toll-free number: +49 (0800) 673 8190, Monday through Friday, 7:00 a.m.–5:00 p.m. (BT); Saturday and Sunday, 7:00 a.m.–4:00 p.m. (BT)

French toll-free number: +33 080 510 9939, Monday through Friday, 7:00 a.m.–5:00 p.m. (BT); Saturday and Sunday, 7:00 a.m.–4:00 p.m. (BT)

What is FamilySearch doing to prevent this from happening again?

We take protecting the personal data entrusted to us seriously and are taking every action to keep your information safe. We have been working with external forensic experts, U.S. federal law enforcement, and other cybersecurity professionals to investigate the incident and further enhance the security of FamilySearch systems.

What steps do I need to take?

We have no indication that any of your personal data has been misused or published. We recommend that you remain vigilant about the security of your personal data by monitoring your personal accounts, frequently changing passwords, selecting strong and different passwords for every account, and taking action on any suspicious activity. You should promptly report to law enforcement authorities any fraudulent activity, scam, or identity theft.

Why did FamilySearch have my data?

The personal data involved was the result of the creation of an online FamilySearch account.

Did you report this to a data regulator or data protection authority?

We have notified relevant data protection authorities.

How can I find out if my personal data was involved?

If you did not receive a notification email, it is unlikely your personal data was involved.

Why did it take so long to notify me?

FamilySearch was coordinating with law enforcement authorities and was asked to keep the incident confidential to protect the integrity of the investigation. This instruction was lifted on October 12, 2022.