CLEVELAND (CNS) -- A carefully orchestrated plan netted email hackers $1.75 million from a Diocese of Cleveland parish.
Father Bob Stec, pastor of St. Ambrose Parish in suburban Brunswick, told parishioners in an April 27 letter distributed at weekend Masses that the theft was discovered April 17 when a construction company working on church renovations inquired why it had not received the two most recent monthly payments for the project.
After contacting local police, banks and diocesan officials, it was discovered that the email addresses of two parish staffers had been hacked and "the perpetrators were able to deceive us" by saying the company, Marous Brothers Construction, had changed its bank and wiring instructions.
"The result is that our payments were sent to a fraudulent bank account and the money was then swept out by the perpetrators before anyone knew what had happened," the letter said.
Father Stec did not say how the hackers accessed the email accounts and noted that no other computer systems at the parish had been infiltrated.
An investigation by the diocese, insurers and the FBI continues, he added.
The pastor apologized to parishioners for the theft. "If I/we had any idea, any clue, any information that the money was not being sent to the right account, we would have addressed it immediately," he explained.
Father Stec also said that the parish's internet security and computer system are under review.
St. Ambrose Parish is in the midst of a $4 million campaign to repair and restore its church.
I hope America revisits this to see who takes the financial hit. EFT is a more common and preferred form of payment to checks. But doctored/stolen/reproduced checks are typically covered by the bank.