Why Churches Are Becoming a Growing Target for Cyberattacks

In an increasingly digital world, no organization is immune to cyber threats—including churches. While most people don’t associate places of worship with cybersecurity risks, the reality is that churches and religious organizations have become prime targets for cybercriminals. From ransomware to phishing, attackers are exploiting weaknesses in faith-based institutions that often operate with limited IT resources.

Why Are Churches Being Targeted?

Churches may not have million-dollar bank accounts, but they possess something just as valuable: data and trust. Here’s why they’re attractive to cybercriminals:

• Sensitive Information: Churches store detailed records about their congregants—names, addresses, phone numbers, donations, even counseling notes.

• Online Donations: With the rise of digital tithing and giving platforms, churches process financial transactions that can be intercepted or manipulated.

• Low Cybersecurity Readiness: Many churches rely on volunteer-run IT systems or outdated technology, making them easier targets.

• Public Leadership: Pastors and staff are publicly known, making it easier for criminals to impersonate them in email or text scams.

• Fast Payment Pressure: Ransomware attackers know that churches may pay quickly to restore critical systems, especially around holidays or major events.

Recent Cyber Incidents Involving Churches

Here are just a few recent examples that illustrate how real—and growing—this threat is:

📌 World Council of Churches Ransomware Attack (Dec 2023)

The global Christian inter-church organization was hit by a ransomware attack from the Rhysida group, who demanded nearly $280,000 in Bitcoin and threatened to leak data.

📌 Greater Mt Calvary Holy Church (Aug 2024)

RansomHub, a known ransomware gang, targeted this prominent Washington, D.C. church, disrupting operations and possibly compromising personal data.

📌 Blue Grass Church Email Scam (Sept 2024)

Scammers created a fake Gmail account impersonating the church’s pastor and reached out to members for “urgent help”—a classic Business Email Compromise (BEC) tactic.

📌 SiegedSec Attack on River Valley Church (April 2024)

As part of a politically motivated campaign, hacktivists leaked sensitive data from River Valley Church, showing that ideological motivations are also in play.

📌 Saint Cecilia’s Church of England School (Easter 2024)

Ransomware disrupted this church-affiliated school’s servers during Easter, impacting access to administrative systems and school operations.

What Can Churches Do to Stay Safe?

Cybersecurity doesn’t have to be complex. Here are basic, high-impact steps churches can take:

• Enable Multi-Factor Authentication (MFA) for email and admin accounts.

• Back up critical data regularly and store copies offline.

• Update software and plugins (especially for websites and giving platforms).

• Educate staff and volunteers on common cyber threats like phishing.

• Use a secure email domain—avoid generic Gmail/Yahoo addresses for official communications.

• Partner with a cybersecurity provider that understands the unique needs of faith-based organizations.

Don’t Wait for an Attack to Happen

At Bawn, we specialize in helping small and midsize organizations—including churches—protect what matters most. Our team includes former FBI cyber agents who understand how attackers think and how to defend against them.

We offer approachable, affordable cybersecurity solutions tailored for faith-based communities. Whether you need help training your staff, securing your donation platform, or building a simple protection plan, we’re here to help.

📩 Ready to talk? Contact Bawn today and take the first step toward protecting your church’s mission and community.