American Marriage Ministries acknowledges data exposure after earlier incident reported to FBI

Wedding officiant training company American Marriage Ministries (AMM) said it is dealing with another data security issue after reporting a breach of sensitive data to the FBI earlier this year. 

American Marriage Ministries – a non-denominational church based in Seattle that trains and ordains people to officiate weddings – told The Record it hired a forensic investigator in December to look into “an incident that might have exposed an incomplete list of AMM minister names and dates of birth being accessible on the internet.”

By the end of January, the company spokesperson said the investigator confirmed that the data was accessed and their team “locked” the list down “with secure settings to prevent a similar event from happening in the future.”

“We also reported this matter to the FBI by filing an IC3 report with the Federal Bureau of Investigation,” the spokesperson said.

But security researchers with WebsitePlanet released a report this week that said they found an unsecured Amazon bucket containing a large amount of data from the church, without any password protection or encryption controls in place. 

The information exposed was 630 GB of data on about 185,000 officiants and roughly 15,000 married couples as well as their wedding guests. 

Ministers’ program application forms, over 500,000 ordination certificates and minister identification documents, and marriage licenses that contain details about newly-wedded couples and more was included in the batch of data. 

The data trove included personal information on ministers including full names, email addresses, phone numbers, minister IDs, home addresses and photos of officiants. It also contained the personal information of married couples’ including wedding certificates, dates of weddings, locations of weddings and pictures from weddings. 

WebsitePlanet reported the exposed data to AMM and US-CERT on April 29 and said the bucket was secured on May 11.

When asked about this latest data exposure, AMM confirmed that the exposed data was locked down on May 11 but said it was “continuing to look at this report.”

Despite the discovery of the most recent breach, the company said it believes its response to the incident in December 2021 “demonstrates how seriously we take the security of our website, and of our ministers.” 

“We will continue to investigate and respond to this report in a way that ensures the security of our website and our ministers’ information,” the company said. 

WebsitePlanet said it is unclear if the latest exposed information was ever accessed by hackers. 

AMM has ordained more than 900,000 ministers throughout the U.S since it was founded in 2009.