January 10, 2023
To: The People of the Diocese of Virginia
On Friday, January 6, the Office of the Bishop of the Diocese of Virginia was informed that the Trustees of the Funds (ToTF), which oversees investment portfolios for the Diocese, many of its congregations, and other Episcopal organizations, was the victim of a cyber attack. As a result, the perpetrators diverted funds intended for two congregations.
“We are extremely distressed to learn of the cyber attack against the Trustees of the Funds and are committed to ensuring this cannot happen in the future,” said Bishop E. Mark Stevenson. “The financial welfare of our institutions is one of our highest priorities. Because this will be an open investigation by law enforcement, there are details we cannot share at this time. Beyond that, I pledge to keep you informed and to provide the greatest transparency possible as we work together with ToTF to resolve this issue.”
ToTF is managed by an Executive Director and its Board of Trustees. The Bishop of Virginia serves as a Trustee.
The Bishop outlined steps being taken immediately to address the security breach:
- ToTF’s IT team has reviewed their systems and taken additional security measures.
- Local and federal authorities have been notified.
- The Trustees of the Funds is insured against this type of theft and the insurance provider has been notified.
- Bishop Stevenson will require from ToTF a full report on the incident and ongoing updates on the measures being taken to ensure security moving forward.
- The Trustees of the Funds issue a statement, which is posted here. Fund participants are urged to review this for important action items and contact information.
Bishop Stevenson added, “If anything can be learned from this unfortunate event, I hope that it will be to raise awareness of the prevalence of cyber security threats and to inspire everyone to examine their online security protocols.”
Further, the Bishop will ask all related diocesan organizations to file reports with his office detailing their online security measures. He urges congregations to review their security measures, as the diocesan offices are now doing, and consider what additional measures they can take to secure their online data and transactions.
“When I became a nominee for your next bishop, I expressed that one of my most important priorities would be to promote transparency and build trust. While I am saddened that the security breach at ToTF may raise concerns, my prayer is that how we respond will demonstrate our commitment to building trusting relationships and protecting our congregations.”