An investigation into a recent cyberattack that cost the Florida Baptist Convention approximately $700,000 has concluded that no staff were responsible for the theft.
The FBC released an update Monday detailing a subcommittee report given to the State Board of Missions at its Aug. 24-25 meeting held at the Baptist Building in Jacksonville.
The subcommittee had worked with state and federal investigators, auditors, and experts in cyber-forensics to determine the source of the online theft that occurred earlier this year.
“The investigation revealed no criminal activity on the part of any Florida Baptist Convention staff person but instead concluded that the crime was the result of sophisticated cybertargeting by, at this point, unknown perpetrators,” reported the FBC.
“The subcommittee’s work culminated in the recommendation for strengthened financial protocols and ongoing training for convention staff.”
FBC Executive Director-Treasurer Tommy Green was quoted in the update apologizing for the incident, the nature of which he had not previously encountered in about 40 years of ministry.
“We will move forward. We are better, and we’ll continue to get better,” said Green, who added that “churches are learning from the convention’s fraudulent experience.”
The FBC went on to list various “best practices to help churches protect their financial assets,” including staff training on identifying emails that might be suspicious and cyberattacks of a “sophisticated” nature, enabling “multifactor authentication logins” when possible, verifying verbally all changes made to payment instructions regarding accounts payable or payroll, talk with insurance agents about coverage for cyberattack experiences, and engaging a professional in cybersecurity for analysis on information technology security.
In May, the FBC announced that it had been the victim of a theft that involved “highly sophisticated cybercrime which used fraudulent emails” and stole more than $700,000.
“We are currently working with forensic auditors and legal authorities to determine how this crime occurred. Meanwhile, we remain confident in our [Southern Baptist Convention] entities, their financial and structural integrity and our missional financial partnerships,” the FBC continued.
“This fraud was accomplished with a general knowledge of the communications and practice between the SBC entity and the convention.”
The May announcement noted that “our convention staff and state board of missions are distraught over this loss of financial resources” and that while the FBC did not suspect any staff were culpable, they were still committed to fully investigating the attack.
“It is our desire in all that we do to bring glory to our Lord and Savior, and to continue earning the trust of the churches we serve when we distribute the sacrificial resources given through tithes and offerings,” the FBC added in its May statement.