A recent data breach in the city systems of Burlington, Washington resulted in the electronic theft of more than $400,000 from a city bank account, as well as the corruption of financial data for hundreds of employees and residents.
The city learned its Bank of America account had been compromised on October 11 when officials from an East Coast branch called its finance department asking about a series of suspicious transfers, Computerworld reported. Upon further review, the city found that more than $400,000 had been transferred to various accounts around the United States over a two-day period.
The account was frozen and all city funds were temporarily moved out of Bank of America. The city also notified more than 100 employees and 200 residents of the incident and encouraged them to reset their online accounts. Those participating in the city’s electronic payroll deposit program and utility customers using an autopay program for sewer and storm drain bills were affected, according to Computerworld.
On October 18, Washington’s KING 5 News reported that the U.S. Secret Service had traced the hackers through Fiji to the Ukraine.
“Someone opened up a file that contained malware,” Special Agent in Charge Jim Helminski told the station. “Once they had access to the accounts, they also had a system in place where money was wired to other personal accounts.”
Circulating threats, important precautions
As with many data breaches, it seems this attack may have been prevented by following the advice of security experts, who routinely advise users not to open files from strange or unknown sources. Cities worried about similar threats can fight back by educating their employees on basic Internet security practices and deploying anti-malware solutions to help mitigate potential threats.
However, as Computerworld noted, bank accounts are likely to see an increased risk in the coming months, with numerous security experts warning that an elevated attack on U.S. banking customers could be imminent. Just days before the Burlington attack, an advisory from security firm RSA warned of a major concerted effort on the part of cybercriminals to infiltrate U.S. bank accounts and initiate fraudulent wire transfers.
Although there is no sign that cities are subject to a specific set of linked targeted attacks, Helminski told KING 5 that public agencies often have comparatively weaker defenses than their private-sector counterparts, leaving opportunistic hackers with more room to operate.
Security News from SimplySecurity.com by Trend Micro