Skip to Content
FamilySearch data breach
© Awargula |
Security & privacy

Genealogy site data breach: See if your info was leaked

There is something magical about discovering where you come from and how your ancestors migrated around the globe. There are several websites where you can build a complete family tree, with, My Heritage and FamilySearch being the most well-known.

In most cases, you create a free profile and start adding family members. Then, you get additional tools that can help with your search for a monthly fee. Unfortunately, one of the most popular genealogy sites has been the victim of a massive data breach. This could put your information in danger.

Read on to learn how hackers breached one of the largest genealogy websites and what you can do about it.

Here’s the backstory

FamilySearch, operated by The Church of Jesus Christ of Latter-day Saints, revealed that it detected an unauthorized network intrusion that might affect personal data users provided.

In an email statement to users, FamilySearch explains that the data breach happened in March this year but had to keep it under wraps pending an investigation. The instruction from law enforcement to keep the breach confidential was lifted this week, prompting the service to reveal the breach.

With thousands of users’ data and family tree information hanging in the balance, FamilySearch claims that law enforcement authorities believe the risk is minimal. We’re not sure why it claims not to be a big deal. It is!

Potentially impacted details include:

  • Username
  • Full name
  • Gender
  • Email address
  • Birthdate
  • Mailing address
  • Phone number
  • Preferred language

This is the type of information criminals need to commit identity fraud.

The FamilySearch email claims that a state-sponsored hacker group possibly launched the breach. It said that U.S. federal law enforcement authorities suspect this intrusion was part of a pattern of state-sponsored cyberattacks aimed at organizations and governments worldwide.

What you can do about it

There are a few things that you can do to minimize any potential fallout. FamilySearch recommends that you remain vigilant about the security of your data and check your other accounts for strange activity.

Here are more steps to take:

  • Change your FamilySearch password immediately. You should regularly change your passwords at least once every three months. And create passwords that are not easy to crack.
  • Beware of phishing emails hitting your inbox. Scammers piggyback on breaches by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors. It’s good practice to never click on links or attachments in unsolicited emails or text messages.
  • Keep an eye on your banking statements for any unusual transactions. If you see anything strange, notify your bank immediately.
  • Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts. 
  • Check Enter your email address into this online database to reveal which data breaches you might be involved in.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!
  • Never use the same credentials for multiple online accounts. If you did use the same password for FamilySearch as another account, change them all ASAP.

Keep reading

Mapping your family tree? Try one of these free templates

Map out your ancestry with the best family tree software around

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started