Security Incident FAQs
As more information from the ongoing investigation becomes available, we will provide updates on this page.
I received your email or letter about the cybersecurity incident. What happened?
In late July, there was an online attack on a different faith-based organization that uses the same web-hosting platform that hosts christar.org. The politically motivated group claiming responsibility for the incident stated their purpose was to expose the donors of this targeted organization, which supported the recent overturning of Roe versus Wade. However, after infiltrating the web-hosting platform, they saw an opportunity to negatively affect a much broader group of organizations and bring “radical transparency to the evangelical missionary movement.” The perpetrators of the attack posted about their exploit with great bravado on a malware-riddled blog on the dark web. Many aspects of this account are definitively false.
A leading forensic analysis firm was retained by the web-hosting company to examine the event and provide guidance. The ongoing investigation confirmed that the databases of many ministry-minded evangelical organizations—including the database for christar.org—were accessed during the attack. This incident exposed information from the Christar database.
What kind of donor information was accessed?
The information that was accessed by the attack included:
- Contact information (such as physical address, phone number and email address)
- Donation history, including the amount and frequency of donations, designation of donations and the means by which you have given (by check, credit card, automatic withdrawal, etc.)
- Relationships with others, such as a spouse, child or a specific worker
- The last four digits and card expiration date, for donations given by credit card
Your financial institution and credit card information (full number and CVV code) have not been compromised. This information is held by a PCI-compliant third-party payment processor and your own financial institution. Neither Christar nor our web-hosting company has access to that confidential data because we do not store it within any of our systems, files or databases.
What should I do?
- This incident has not interrupted one-time or recurring donations. All recurring donations that are currently set up will continue to run securely as usual. No action is required. If you have questions, please contact us.
- Be aware that all passwords on christar.org have been reset, as explained in the July 25 email sent to all donors with an online account on christar.org. If you have an online account at christar.org, you’ll need to create a new password to log in if you have not done so already. Go to christar.org/recover-password, and enter the email address originally used to set up your account. Follow the instructions you receive by email to set up a new password. If you have not already set up an account, you don’t have a password to reset.
- Be in prayer that what was meant for evil will be transformed by God for His good purposes and that He would cover all those impacted by this event with His hand of protection.
- Be cautious in responding to solicitations for information. Christar does not solicit information concerning credit cards, bank accounts or personal identification numbers. Calls with a sense of emergency or urgency or a caller who won’t accept “no” for an answer are examples of communication that will not come from Christar. Email communication from Christar will only come through a christar.org or imi.org address.
- Protect yourself from people who would use exposed information to cause harm. The following links lead to articles that explain three ways outside parties might use stolen information to contact you with ill intent:
- While you may want to reach out to worker(s) you support with questions and concerns, we would appreciate your directing any inquiries about this matter to Christar. Please email us at [email protected].
- Remember that visiting sites on the dark web will put your personal computer, phone or other devices at serious risk. Be mindful that this incident involves criminal hackers, and that information and links about it on the dark web should not be considered safe.
Did you share my information with this other organization?
Christar did not share your information with the organization that was targeted in this incident or with the web-hosting company. We only use your contact information to get in touch with you and never share it with others.
Your information was stored in our database, which is hosted by the same company as the targeted organization. Hackers gained access to our database in connection with their breach of the web-hosting company.
You can learn more about our privacy policy at christar.org/privacy-policy.
Do I need to contact my bank/credit card company?
Neither your bank account information nor credit card information was impacted by this incident. This information is held by a PCI-compliant third-party payment processor and your own financial institution. Neither Christar nor our web-hosting company has access to that confidential data because we do not store it within any of our systems, files or databases.
It is always good practice to review your financial account statements and credit reports on a regular basis for fraudulent or irregular activity. If you see anything unexpected, notify the appropriate financial institution.
Should I cancel and restart my recurring gift?
This incident has not interrupted one-time or recurring donations. Any recurring gifts you have set up will continue to run securely as usual.
Due to an unrelated update to our system in mid-July, some recurring donations were not processed until early August. All delayed donations have now been processed. No action is needed.
How are you making the website more secure to prevent this from happening again?
Upon learning of this issue, we immediately began an investigation. As part of this investigation, we are working closely with professional cybersecurity experts. We will continue to evaluate and modify our practices to enhance the security and privacy of your personal information.
How will you protect my information in the future?
Be assured that we are making every effort possible to address this difficult situation with prompt attention and the utmost care. As part of our ongoing commitment to adhere to the highest standards in data security, we will continue to evaluate and modify our practices to enhance the security and privacy of information.
