Cyber Incident Victim: Saint Ambrose Catholic Parish

Date: Apr 2019

Location: United States of America

Summary

A large Catholic parish fell victim to a business email compromise attack resulting in the theft of $1.75 million intended for construction payments. Attackers likely accessed the organization's email system through phishing, impersonating the legitimate contractor to redirect two months of wire transfers to fraudulent accounts before the discrepancy was discovered. Forensic analysis confirmed only two email accounts were compromised, with no breach of the securely hosted parish database. The incident prompted collaboration with law enforcement, legal advisors, and cybersecurity consultants to implement enhanced safeguards while pursuing insurance recovery for the stolen funds. This case reflects broader trends of escalating BEC campaigns targeting organizational wire transfers through social engineering rather than technical exploits.

Description

The Saint Ambrose Catholic Parish in Brunswick, Ohio, discovered a significant financial theft on April 17, 2019, when Marous Brothers Construction—the contractor for the church's Vision 2020 project—inquired about two missing monthly payments totaling approximately $1.75 million. Parish staff had believed payments were being processed normally, as they received standard bank confirmations for wire transfers. An immediate investigation revealed the funds had been diverted to a fraudulent account following a business email compromise (BEC) attack. The attackers had infiltrated the parish’s email system, likely through a phishing campaign, and impersonated the contractor to request a change in banking details. This deception led staff to redirect payments over two months without suspicion. The FBI confirmed the breach was limited to two compromised email accounts, with no evidence of intrusion into other systems. The parish’s primary database remained secure due to its cloud-based storage with layered security protections.

In response, the parish engaged the Diocese of Cleveland, legal advisors, insurance providers, and the FBI to investigate the fraud and pursue recovery options. IT consultants were brought in to conduct a comprehensive security review, reset all passwords, and verify the integrity of databases and critical information systems. The church filed an insurance claim to address its financial obligations to Marous Brothers Construction promptly. The incident underscored the widespread threat of BEC scams, which the FBI’s 2018 Internet Crime Report highlighted as generating $1.2 billion in losses that year. Independent analyses by Proofpoint and Digital Shadows corroborated the escalating risk, noting a 476% surge in BEC attempts between late 2017 and late 2018, alongside millions of exposed corporate email credentials facilitating such attacks. The theft forced Saint Ambrose to navigate both immediate financial remediation and broader operational security assessments while maintaining its role as a major community institution serving 16,000 members.
