RICHMOND, Va. (WRIC) — The executive director and president of a trust fund managed on behalf of the Episcopal Diocese of Virginia and its churches announced that more than $400,000 was stolen in cyberattacks in 2022 — and detailed the work they have done in order to prevent future breaches.
In a message sent to diocese clergy and vestries on Sept. 8, Trustees of the Funds (ToTF) Executive Director Lynn Ivey and President Bob Clarke announced that a total of $412,867.61 was fraudulently withdrawn from the fund in late 2022.
The breach was discovered after two ToTF participants made withdrawal requests in November and December but never received the funds. It was later determined that the two withdrawals, totaling $327,541, had been rerouted to unauthorized bank accounts.
Ivey and Clarke initially informed the diocese of the breach on January 10, 2023 but said that they were not aware of the full amount that was stolen until recently, when they were made aware of an additional $85,327 that had been diverted in December 2022.
In response to the cyberattacks, ToTF has announced that it has taken several steps to protect the fund from future fraud attempts. Those steps included enhancing security software and computer monitoring, ongoing scam testing, processing all deposits and withdrawals through a secure web portal and multi-factor confirmation for all transactions.
ToTF also said that, after learning about the second December 2022 fraud, the managers contacted the FBI and local law enforcement — and reviewed every transaction that has taken place since then to make sure they all went to their intended recipients.
“We know that this is a disturbing matter and we want to assure everyone that the staff and board are taking this very seriously,” reads the end of the Sept. 8 message. “We have initiated an operations review that may result in some changes in procedures, staffing, etc. We value the trust you have put in us and will do everything possible to keep it.”