Cyber Incident Victim: Trustees of the Funds
Date:
Nov 2022
Location:
United States of America
Summary
A cyberattack targeting the Trustees of the Funds resulted in fraudulent diversion of over $400,000 through manipulated withdrawal requests intended for parishes and the affiliated diocese. The breach was detected when two parishes reported not receiving expected funds, while a third unauthorized transaction was identified later during routine reviews. The incident caused an uninsured loss of $388,000, necessitating a one-time reduction in investment performance. Security upgrades including enhanced email protections, withdrawal verification protocols, and monitoring systems were implemented following the attack. Investigations suggested perpetrators accessed internal emails to redirect payments, and the incident was reported to law enforcement authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident affecting the Trustees of the Funds (ToTF) occurred between November and December 2022, involving the fraudulent diversion of three electronic fund transfers totaling $412,868. Attackers manipulated withdrawal requests submitted by two participating parishes and one intended for the Diocese of Virginia itself. The two parish-related transactions, amounting to $327,541, were detected when the churches alerted ToTF that the expected funds had not arrived in their authorized accounts. The third transaction, an $85,327 payment designated for routine diocesan operations, remained undetected until a later review due to its standard distribution schedule. ToTF manages investment portfolios for approximately 120 Episcopal churches in Virginia and over 80 affiliated institutions, with its core fund valued at $122 million as of June 2023. The organization processes withdrawal requests from participants for expenses including charitable activities, facility maintenance, and operational costs.
ToTF initiated response protocols upon discovering the first two fraudulent transactions, immediately engaging external IT specialists to halt further unauthorized activity. Forensic investigation revealed the attackers had compromised internal email communications, using this access to alter payment instructions and redirect funds to unauthorized accounts. The organization reported the incident to the Federal Bureau of Investigation and local law enforcement agencies. Financial impacts included a net uninsured loss of $388,000 after reimbursing the Diocese of Virginia for its diverted payment, necessitating a one-time 0.06% reduction in investment performance across all participant accounts. ToTF implemented enhanced security measures including new fraud detection software, continuous system monitoring, phishing resistance testing, modified withdrawal verification procedures requiring direct phone confirmation, and strengthened email authentication protocols. The diocese publicly acknowledged the breach on September 8, 2023, confirming no subsequent breaches had occurred under the upgraded security framework. ToTF leadership communicated directly with participants about the incident through email alerts and offered direct contacts for follow-up inquiries regarding account security.