The Catholic Diocese of Des Moines was involved in a computer security breach last month in which thieves were able to steal more than $600,000 from their automated clearing house (ACH) account at Bankers Trust.  To the credit of Bankers Trust, they were able to detect the fraudulent activity and notify the Diocese within a matter of days.  Unfortunately the funds were already gone by then.

According to the Diocese press release and other media reports, the FBI has seized several computers from the Diocese but no employees of the Diocese or Bankers Trust are suspected to be involved.  This either means one of two things.  Either law enforcement is trying to divert attention away from the true angles they are working or the systems themselves were to blame.

If the computers are part of the problem we can assume they were either not patched and vulnerable to attacks or end users allowed some sort of malware to be installed and siphon data.  Either way, this points to a break down in very rudimentary security practices.

This should be a warning to all organizations.  Patch your systems, scan them for malware and please, please, please...educate your users.  There is no patch for the human factor.