Cyber Incident Victim: Florida Baptist Convention

On or around May 10, 2023, the Florida Baptist Convention discovered it had been the victim of a significant financial fraud incident. The initial statement released that day described the event as an incident of financial fraud related to a payment from the convention to one of its Southern Baptist Convention entities. The fraudulent transaction was executed by an unauthorized party who possessed a general knowledge of the communications and standard practices between the SBC entity and the convention. This knowledge was utilized to carry out the attack, though the exact method by which this information was obtained was not immediately known and became a subject of the ensuing investigation. The convention moved swiftly to report the crime to multiple authorities, including the Federal Bureau of Investigation (FBI) and local law enforcement agencies. They also notified their insurance carrier, their bank, and their external auditing firm. From the outset, the convention stated it had no reason to suspect malfeasance by any of its own employees.

The following day, May 11, 2023, the Florida Baptist Convention released an updated statement providing further clarification on the nature of the attack. It was characterized as a highly sophisticated cyber crime that was perpetrated through the use of fraudulent emails. The specific matter was related to the convention's Send Network Florida account, which is a ministry partnership with the North American Mission Board (NAMB). This update confirmed the attack was a form of business email compromise or similar scheme that leveraged counterfeit communications to manipulate the payment process. The convention was actively working with forensic auditors and legal authorities at this early stage to determine the precise mechanisms of how the crime occurred. The total financial loss was initially undisclosed but was later confirmed to be in excess of $700,000.

By May 15, 2023, a subsequent update was issued, which confirmed the stolen amount was over $700,000. The investigation was ongoing, with federal and state investigators working alongside the convention’s internal and external auditors in an effort to recover the stolen funds. The convention acknowledged that despite having existing security protocols in place, including staff training, regular information systems upgrades, and advanced detection software, the attackers had successfully bypassed these defenses. In response, the organization was taking steps to further reinforce its level of information technology security. There was a expressed hope that a portion of the financial loss might be recovered through insurance coverage or via the direct recovery of the stolen funds by authorities.

The immediate organizational impact was significant. The convention staff and the State Board of Missions were described as being distraught over the loss of financial resources that were derived from tithes and offerings. A primary concern was maintaining the trust of the churches they served. To address the financial shortfall and ensure operational continuity, the convention stated that reserve funds already in place would be utilized. This allowed all existing commitments to support Florida churches and cooperating ministries to be honored without interruption. To provide governance and oversight of the situation, the State Board of Missions Administrative and Finance committees formed a special subcommittee. This subcommittee was tasked with overseeing the audit investigation and recommending next steps based on the findings.

The broader impact of the incident included a warning to other religious and non-profit organizations. The convention explicitly encouraged pastors and churches within its network to remain diligent with the security of their own IT and financial systems. This advice included a specific recommendation to critically scrutinize all requests for payments, even those that appear to come from a well-known or trusted source, particularly if the request involves a shift from historical payment practices. This advisory highlighted the persistent threat these types of attacks pose to organizations of all sizes. The incident was contextualized alongside other similar attacks, such as a prior event where online scammers stole $793,000 from a North Carolina church through an email scheme.

The response from the North American Mission Board (NAMB), the partner entity involved, was also noted. A NAMB spokesman stated that the organization itself adheres to robust cyber and data security protocols, follows best-in-class accounting principles and internal controls, and regularly conducts staff training and system testing. NAMB expressed its commitment to supporting its ministry partners as they also seek to strengthen their security postures. Throughout its communications, the Florida Baptist Convention reiterated its continued confidence in its SBC entities and their financial and structural integrity, emphasizing that the criminal act would not deter its missional financial partnerships. The convention's leadership remained prayerful and focused on navigating the situation in a manner that would prevent future financial loss while continuing its supportive work for Florida Baptist churches.