Cybercrime hits Wisconsin parish

MILWAUKEE -- Federal law enforcement officials were continuing to investigate how criminals were able to steal $121,000 electronically from a parish in the Milwaukee Archdiocese.

St. John Vianney Parish in Brookfield was the victim of cybercrime when individuals made several unauthorized withdrawals from the parish's general checking accounts, stealing money used for general parish operations. No parish or bank employee is suspected of any wrongdoing in the crime.

Several banks throughout the country, including one in California, have since recovered and returned $84,000 of the funds, which were distributed into valid bank accounts of individuals under various names, according to a statement from Father Phillip Bogacki, temporary parish administrator, in a recent church bulletin.

The parish's theft policy with Catholic Mutual Group, administrator of the archdiocese's insurance program, should cover the funds that were not recoverable.

In August, the parish's business manager was notified by an official at the parish's bank that there was at least one unusual and unauthorized electronic transfer from a parish account. Upon closer inspection, the bank found several unauthorized withdrawals that amounted to $121,000, so it froze the account and started an investigation, the priest said.

It is because the bank and parish were on top of what was happening in the account that they were able to recover as much of the stolen money as they did, according to the priest, who also was quick to alert archdiocesan officials about how best to tell parishioners what happened.

Father Bogacki said Secret Service agents spent a few hours at the parish interviewing him, a few parish staff members, trustees and council chair.

Parish staff were assured that individual parishioners' electronic banking information -- specifically stewardship contributions and tuition payments -- was not compromised during the theft. Father Bogacki said the parish has since put a permanent block on the account that prohibits electronic withdrawals.

"I don't know if you can ever be totally confident, but you can utilize what the banks do make available to try to make it much harder for criminals to target you," said John Marek, treasurer and chief financial officer for the archdiocese. He also said that parishes should be cautious about accessing online banking and should never access it from a public computer.According to Father Bogacki, police in Orange County, Calif., arrested at least one person involved in the theft of his church's funds.

Authorities do not know if the Brookfield cybercrime case was related to a situation involving the Diocese of Des Moines, Iowa, which was notified Aug. 17 that $600,000 of diocesan funds was transferred to numerous recipients across the United States Aug. 13 and 16.

An Aug. 26 statement released by the diocese stated that so far $180,000 had been recovered at that time, and that the FBI took possession of several diocesan computers.

"The diocese remains in communication and full cooperation with the FBI," it said.

Anne Marie Cox, director of communications for the diocese and editor of the diocesan newspaper, The Catholic Mirror, said that the diocese also has put in place stricter controls to try to prevent this kind of theft in the future.

Secret Service agent John Hirt, who was heading the investigation of the Milwaukee parish, could not comment on the case but offered advice on how parishes can help prevent similar situations.

"If you get some sort of an e-mail and you don't know who it's from, don't respond to it," Hirt said in an interview with the Catholic Herald, Milwaukee's archdiocesan newspaper. "Don't open up an e-mail that you weren't expecting from someone."

Hirt also suggested people stay away from unfamiliar websites. "If there's something that seems a little suspicious claiming to be your bank, confirm that it is coming from the source it should be and that it isn't somebody that's trying to hack into your computer," he said.

As the Brookfield parish waited for the investigation to wrap up, Father Bogacki said his congregation continued to pray and move forward with the parish's mission. He also said he was grateful to parishioners for their resilience in such a disconcerting situation.

If people suspect their parish has been a victim of cybercrime, Jay Frymark, archdiocesan financial services director, suggested they contact their bank and alert officials there of suspected fraud.

"The bank will most likely then contact the Treasury Department and the FBI if they think that something's going on," he said.

Parishes need to be prepared as best they can, Frymark added, especially parishes the size of St. John Vianney, which has more than 8,300 members and an annual budget of $4 million, large parishes are targets for cybercrime, because "organized crime goes after the bigger dollars.

"They don't pick on our $2,000 parishes," he explained.

Join the Conversation

Send your thoughts and reactions to Letters to the Editor. Learn more here