LOGOS Management Software is an online donation and profile provider for parishes throughout the country. On February 4, they were contacted by a donor who reported that there had been a possible unauthorized transaction on the donor’s credit card after making a donation on the Ministry Connect** system.
LOGOS promptly arranged for a forensic investigation. That investigation revealed that a server owned by an unnamed third-party service company that hosts a component of the Ministry Connect** system had been hacked.
“The nature of the compromise affected profile and/or payment information for new or changed gifts that were entered into the system from Friday, January 17, 2014 through Tuesday, February 4, 2014,” a letter from LOGOS’ law firm sent on March 28, 2014 to the New Hampshire Attorney General’s Office explains. The Ministry Connect** service was restored on February 23, 2014, they write.
As part of their response to the breach, LOGOS reported the incident to law enforcement, relocated the Ministry Connect** system to a server that they own and manage, and offered those affected a year of free credit monitoring with Experian ProtectMyID.
**Note: Although the notification letter from McDonald Hopkins law firm refers to “Ministry Connect” in a number of places, I suspect they may have meant to write Ministry Connection, which is a LOGOS software system. As far as I can tell, Ministry Connect, a church-related organization, is not connected to LOGOS or to this breach. DataBreaches.net e-mailed LOGOS’ law firm last night to verify whether they meant Ministry Connect or Ministry Connection, but has not received a response by the time of this publication. I will update this post if and when they get back to me.