Faith-Based Daily Awareness Post 22 July 2025

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters. 

Breach of Mormon Church university vendor exposes over 25K students

BYU–Pathway Worldwide, an education organization supported by the Church of Jesus Christ of Latter-day Saints (LDS Church), had an unauthorized party access tens of thousands of its students’ data. The LDS Church educational organization contacted thousands of students whose details were exposed in a recent data security incident. According to information that the BYU–Pathway Worldwide (BYU–PW) submitted to the Maine Attorney General’s Office, the incident exposed over 25,000 of the institution’s students.

Analyst Comments: The university claims that the incident involved a vendor account, whose access was suspended immediately after the organization learned about unauthorized activity on its systems. “Upon investigation, evidence indicated the vendor’s account was compromised by an unknown third party, which allowed unauthorized access to certain systems,” reads the data breach notice. This serves as a reminder that even if cyberattacks don’t directly target our organizations, third-party breaches can have significant consequences. Organizations are encouraged to review third party risk management best practices for additional insights.

SCN Situation Report: Jewish Facilities in Multiple States Receive Threatening Emails

On 19 July 2025, several Jewish facilities in Georgia, Illinois, Connecticut, and New York received suspicious or threatening emails from Peter MACDOWELL (MACDOWELL) <petermacdowell[at]gmail[dot]com>. The emails included threatening language such as “kill jews” and “your money and connection to politics wont save you… not at least from me anyway.”

• MACDOWELL’s online activity shows anti-Jewish sentiment and conspiracy theories blaming the Jewish community for perceived wrongs regarding Christianity.
  • He has also left negative and anti-LGBTQ Google reviews on the pages of churches and a synagogue.
• The language in the emails is not standard, including emails with no content or no subject line. The language in each email varies.
• At this time, there is no known connection between MACDOWELL and the recipient facilities.
• MACDOWELL is a known Person of Interest (POI) to the Duty Desk, and his last known address is in Lock Haven, Pennsylvania. We are continuing to monitor his engagement with Jewish facilities nationwide. 

Analyst Comments: FB-ISAO encourages all faith-based communities to take threatening letters seriously and report them swiftly to local law enforcement. Members may also want to review our Weekly Advisory on 25 June, 2025 that focused on Mail Threats for further insights.

School Safety Webinars

With return to school fast approaching, there are several upcoming safety webinars which may interest those with schools on campus.

Aligning Behavioral Threat Assessment and Management with a Multi-tiered System of Support: Building a Continuum of Prevention and Intervention

Host: US Secret Service

Overview: The U.S. Secret Service’s National Threat Assessment Center (NTAC) newest publication focuses on how education practitioners can best align BTAM programs alongside multi-tiered systems of support (MTSS) in K-12 schools. This event will further highlight key findings and implications from NTAC’s decades of research and guidance on school violence prevention.

Date: August 13, 2025 12:00-2:30pm EST

Register here.

Campus Safety Webinar: Return to School – Fall 2025

Host: DHS

Overview: This event will provide updates on DHS programs, initiatives, and available resources to improve campus preparedness. DHS staff will share information about security planning for mass gatherings, best practices for safe conduct on educational campuses, information sharing, and strategies for developing partnerships to enhance coordination among campus, local, state, and federal law enforcement. This webinar is intended for college and university administrators, public safety and campus law enforcement officials, student affairs/student life, interested faculty, and other individuals and offices that have a role in supporting community safety and the well-being of students.

Date: August 7, 2025

Register here.

Weekly Security Sprint EP 119. Cyber fundamentals -third party management, passwords, and patching plus P2D2!

In this week’s Security Sprint, Dave and Andy covered the following topics:

• Microsoft SharePoint vulnerability
• China Threat
• Patching
• Managing politics and bias
• And more…