A Texas megachurch fielded a fake bomb threat on Sunday morning. Millions of lending platform customers just found out their Social Security numbers may be in the wrong hands. It’s been a rough week for institutions people are supposed to trust.
Two seemingly unrelated stories — one involving Gateway Church in Prosper, Texas, and the other centered on Prosper Marketplace, a San Francisco-based peer-to-peer lending platform — have converged into a broader conversation about security, vulnerability, and what happens when bad actors come knocking. One threat turned out to be smoke and mirrors. The other was very, very real.
A Sunday Morning Scare in Prosper
Gateway Church’s Prosper campus was placed on high alert Sunday after authorities received a threat that sent law enforcement scrambling to the scene. After a thorough sweep of the property, police issued an all-clear — the threat was a swatting hoax. No injuries, no hazards, nothing but frayed nerves and shaken congregants.
Swatting, for those unfamiliar, is the dangerous and increasingly common practice of calling in a false emergency to provoke a large-scale law enforcement response. It’s not a prank. It ties up emergency resources, it traumatizes communities, and in rare cases it has turned fatal. Sunday’s incident added Gateway Church to a growing list of houses of worship targeted by this tactic.
It’s not the first time Gateway has had to grapple with security concerns. Back in 2022, at the church’s Southlake Campus, a man dressed in army fatigues walked into the children’s area during a Night of Worship event. That incident, later detailed by a former employee, prompted a security response and a review of church policies. The pattern is uncomfortable to ignore.
Still, Gateway has taken digital security seriously, at least on the email front. Over a two-year span, the church blocked more than 112,000 email attacks and shielded 3,000 mailboxes using Abnormal Security — without a single successful advanced email attack getting through. That’s a meaningful number for any organization, let alone a church.
Legal Clouds Over Southlake
The physical security drama isn’t the only front Gateway is managing. A proposed class-action lawsuit against the church alleges that leadership — including Robert Morris, the embattled founder — misused roughly 15% of congregational tithes that were supposed to fund foreign missionary work. The suit, which names multiple leaders, accuses the church of financial fraud and is seeking refunds for affected members.
And there’s more. New developments in a separate class-action lawsuit tied to Gateway’s Southlake location have drawn investigators to the church’s grounds, where shell casings were reportedly tagged on a playground. Details remain limited, but the image — forensic markers on a children’s play area — is striking on its own.
Meanwhile, 17.6 Million People Got Some Very Bad News
Across the country, and in an entirely different kind of crisis, Prosper Marketplace disclosed that unauthorized actors accessed its systems on September 2, 2025. The breach exposed personal data tied to 17.6 million unique email addresses — and it didn’t stop there. Social Security numbers, financial records, and customer application data were among the information compromised.
How bad is it, exactly? In the company’s own words: “We have evidence that confidential, proprietary, and personal information, including Social Security numbers, was obtained, including through unauthorized queries made on Company databases that store customer and applicant data.” That’s not boilerplate hedging. That’s a company confirming the worst.
Cybersecurity researchers noted the breach as one of the more significant financial data exposures of the year, particularly given the sensitivity of the data involved. Peer-to-peer lending platforms collect the kind of personal information that identity thieves prize — income details, credit history, Social Security numbers. It’s a one-stop shop for fraud.
When you fold in a concurrent breach at 700Credit, a credit data provider serving the automotive industry, the total number of people affected by related incidents climbs to nearly 20 million, according to reporting by The Record. That’s not a data incident. That’s a data catastrophe.
What This All Points To
Two stories, different sectors, different threat vectors — but the same underlying truth. Institutions that people trust with their money, their faith, and their personal information are under sustained attack. Sometimes it’s a hoax designed to terrorize. Sometimes it’s a sophisticated intrusion designed to steal. And sometimes, as the lawsuits against Gateway suggest, the threat is coming from inside the house.
For the millions of Prosper customers now wondering whether their Social Security numbers are circulating on a dark web forum somewhere, no all-clear is coming anytime soon.
