These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
A former employee of the Diocese of Kansas City–St. Joseph, who served as the director of stewardship for the Diocese and executive director of the Bright Futures Fund (which provides financial aid to urban Catholic schools in Kansas City), has been indicted on one count of wire fraud after being accused of misappropriating around $155,000 from 2017 to 2021. According to prosecutors, he purchased more than 400 Visa gift cards using fund money and submitted falsified expense reports to mask these purchases.
In response to the theft, the Diocese of Kansas City–St. Joseph announced several remediation measures aimed at tightening financial oversight. Bishop James Johnston ordered the Bright Futures Fund to be brought under the diocese’s standard fund-management policies, with strengthened annual external audits. The fund’s accounting and donor tracking were integrated into the diocesan system and placed under the supervision of the diocesan finance office, whose officer now attends Bright Futures’ board meetings.
Analyst Comment: Insider threat remains a real risk for Faith-Based Organizations (FBOs) because of their community focus, reliance on volunteers, and role in managing donations and charity funds. The accused former employee was a celebrated philanthropist in their community and had won recognition for it, yet their thefts were not discovered until they had left their position entirely. While not all FBOs have the resources of a Catholic diocese, this incident emphasizes the importance of maintaining some type of oversight over large charity funds.
A recent report by Comparitech analyzed over 2 billion leaked credentials from 2025 and found that the most frequently used passwords remain remarkably weak. The top 10 list is dominated by simple numeric sequences like “123456”, “12345678”, and “123456789”, as well as basic words such as “admin” and “password.” Notably, one quarter of the top 1,000 passwords consisted solely of numbers, 38.6% of those passwords included the string “123”, and 3.1% contained the string “abc”.
The report also highlighted less generic yet still insecure passwords: “minecraft” (ranked 100th, appearing nearly 70,000 times) and “India@123” (ranked 53rd). In addition, it underscored the vulnerability of short and predictable passwords: nearly two-thirds of passwords were fewer than 12 characters long.
Analyst Comment: Here we go again. Anyone who is reading this blog won’t be surprised by these results, as rankings like these have stayed remarkably consistent for decades. Still, the release of such reports offers a timely reminder for FBOs to encourage staff and volunteers to practice stronger password hygiene for all FBO-related accounts and documents. It’s also a good opportunity to review current passwords used by the organization and ensure none of them appear on this list.
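One way to act on the review suggested above, as an added example that is not from the report or from FB-ISAO: a Python screen, meant to run when a password is set or changed, that flags the patterns the report describes. The function and constant names are hypothetical, the sample candidates are constructed, and the blocklist holds only the passwords named on this page, not the report's full list.

```python
import re

# Passwords the report summary above names explicitly (stored lowercase).
# Assumption: this is NOT the full Comparitech list; extend it from the
# report itself if you have access to the complete ranking.
NAMED_IN_REPORT = {"123456", "12345678", "123456789", "admin",
                   "password", "minecraft", "india@123"}
MIN_LENGTH = 12  # the report counts passwords under 12 characters as short
COMMON_SEQUENCES = ("123", "abc")  # substrings the report calls out


def screen_password(candidate: str) -> list[str]:
    """Return the reasons a candidate matches the weak patterns in the
    report; an empty list means none of those patterns matched."""
    reasons = []
    lowered = candidate.lower()
    if lowered in NAMED_IN_REPORT:
        reasons.append("named in the report's most-used list")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if re.fullmatch(r"[0-9]+", candidate):
        reasons.append("digits only")
    for seq in COMMON_SEQUENCES:
        if seq in lowered:
            reasons.append(f'contains "{seq}"')
    return reasons


def screen_all(candidates: list[str]) -> dict[str, list[str]]:
    """Screen several candidates and keep only the ones that were flagged."""
    results = {c: screen_password(c) for c in candidates}
    return {c: r for c, r in results.items() if r}


if __name__ == "__main__":
    # Constructed samples: three from the page, two made up for contrast.
    samples = ["123456", "India@123", "minecraft",
               "ABCdefghijklmnop", "correct-horse-battery-staple"]
    for password, reasons in screen_all(samples).items():
        print(f"{password!r}: " + "; ".join(reasons))
```

Call `screen_password` from the account-creation or password-change path, where the new password is briefly available in plaintext; stored passwords should be hashed and cannot be screened this way.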
The FB-ISAO’s sponsor Gate 15 publishes a daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN allows current situational awareness into the topics that will impact your organization.