The Episcopal Diocese of Virginia says more than $400,000 in investment funds were stolen in cyberattacks that first struck the regional body last year.
The Virginia Bishop's Office posted a message on Sept. 8 explaining that the diocese had been the victim of a cyberattack last December that diverted funds from two congregations.
According to the message, the diocese finance office discovered during recent standard annual audit preparation that a third cash transfer worth $85,326.92 sent by the diocese's Trustees of the Funds was diverted by cyber criminals.
"We want to be clear that this third incident was part of the same cyber attack in December 2022 and not a new breach," stated the office.
"The reason the original investigation did not surface this transaction is that, unlike the transfers to two congregations, this transfer was part of a distribution that happens from time to time, rather than a request by the participant."
Once the diocesan organization Trustees of the Funds became aware of the third attack, they contacted authorities and "voted to make the Diocese whole on the diverted funds."
"We take the safe stewardship of diocesan and congregational investments seriously and we are grieved by this criminal breach. We are thankful that this breach did not occur after the increased security measures were put in place," continued the office.
"It is encouraging that these increased measures are working to prevent future attempts by cyber criminals. As always, the Diocese of Virginia is committed to full transparency with all members of the Diocese regarding data security issues."
The diocese also posted a statement from the Trustees of the Funds, which noted that the criminals stole $327,541 via two misdirected transfers in December, making the amount of stolen funds equal to more than $412,000.
The diocese was fully reimbursed for stolen payment, while the Trustees of the Funds sustained an uninsured loss of approximately $388,000 and had to make a one-time reduction in its investment performance by 0.06%.
According to the trustees, the diocese added enhanced security software and the monitoring of computers, geographic limitations for accessing emails, scam testing, processing trustees' withdrawals and deposits via a secure web portal, and using multifactor confirmation for transactions.
"We know that this is a disturbing matter and we want to assure everyone that the staff and board are taking this very seriously," stated the Trustees.
"We have initiated an operations review that may result in some changes in procedures, staffing, etc. We value the trust you have put in us and will do everything possible to keep it."