What happened?
- We learned of a data security incident involving potential unauthorized access to our systems on April 16, 2024, at approximately 7:00 a.m. Our Information Systems (IS) team began an immediate and thorough investigation. The investigation potentially traced the incident to malicious activity starting around 2:00 a.m. on April 16, 2024. We concluded that an unauthorized party accessed several data storage files associated with our employee’s accounts.
What actions are you taking in response to this incident?
- Upon discovering the incident, we took steps to understand its nature and scope and immediately shut down all network devices to stop all inbound access to our servers.
- We coordinated with law enforcement regarding the incident and are working with leading security experts to address any vulnerabilities.
- We continue to monitor our systems for unauthorized access, have introduced additional security measures, and have reset passwords for all affected users. If your password was reset, you will be prompted to enter a new one when you log in again.
What data was involved?
- Information that could be affected includes names, usernames, email addresses, passwords, social security numbers, dates of birth, phone numbers, and mailing addresses.
Has the issue been resolved?
- While perfect security can never be assured, we are working with our IS team to address the vulnerabilities and remediate the incident.
What is the Texas Conference doing to protect my information?
- Once we became aware of the incident, we quickly took steps to determine its nature and scope. We are working with a leading data security firm to assist in our investigation and remediation. We have also notified and are coordinating with law enforcement authorities.
We are taking steps to protect our users, including the following:
- We are notifying Texas Conference employees to provide information on how they can protect their data.
- We will require Texas Conference employees to change passwords and urge users to do so immediately.
- We continue monitoring for suspicious activity and coordinating with law enforcement activities.
- We continue to enhance our systems to detect and prevent unauthorized access to user information.
- The Texas Conference offers 24-month monitoring at no cost to employees to detect, alert, recover from, and insure against suspicious activities.
How do I know whether the email I receive is legitimate?
- Please note that emails from the Texas Conference do not request personal data via email or provide links to obtain that data. If the email you received prompts you to click on a link, suggests you download an attachment or asks you for information, the email should not be opened unless verified by calling the sender. Avoid clicking on links or downloading attachments from suspicious emails.
Is this a data compromise limited to a group of people or everyone working in the Conference?
- Unfortunately, the data compromise affects all employees of the Texas Conference. Because of the nature of the compromise, we are making monitoring software available for all employees and others who may be affected.
What should I do to protect my information?
- We take our obligation to safeguard your data very seriously and are alerting you about this issue so you can take steps to help protect your information.
We recommend you:
- Change your password for any other account on which you used the same or similar information for your TXSDA account. Review your accounts for suspicious activity. Be cautious of unsolicited communications that ask for your
- data or refer you to a web page asking for personal data.
- Avoid clicking on links or downloading attachments from suspicious emails.
Does the data compromise affect tithes and offerings given by Texas Conference membership?
- No, the tithes and offerings provided through Adventist Giving are not kept at the conference office. The funds are processed through the NAD and then provided to the conference for operations.
