(844) 627-8267
(844) 627-8267

Hackers Stole $6 Million From the New Haven School System | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Hackers stole more than $6 million from the New Haven, Conn., public school system, Justin Elicker, the city’s mayor, said on Thursday.

A little more than half of that money, $3.6 million, has since been recovered, and an investigation into who was responsible for the theft is underway. For now, the city has stopped its use of electronic money transfers, except for employee payroll, and will instead use checks to make payments.

“It is shocking to me that someone is so greedy that they would steal money from public school children,” Mr. Elicker said in an interview, calling the hackers “criminals” who were “completely unethical.”

The hackers appear to have gained access in late May to the email account of the school system’s chief operating officer and began to monitor conversations among the school official, vendors and the city’s finance office, Mr. Elicker said. The hackers impersonated the school official and vendors in order to divert the school’s money to fraudulent accounts.

Four payments, amounting to more than $5.9 million, that were intended for First Student, a bus company that provides transportation services for students, were instead sent to a fraudulent account in June. Two other payments amounting to over $76,000 that were meant for Shipman & Goodwin, a law firm, were also sent to a fraudulent account in June.

Officials learned of the hack on June 23 when First Student, the bus company, told the city that they had not received expected payments. Officials quickly contacted the bank and the New Haven police department, which then involved the F.B.I.

In early July, hackers attempted to divert money intended to pay SJ Services, a vendor that provides cleaning services, into a fraudulent account, but the move was denied by the city’s finance office because the city had stopped making electronic payments.

The hackers engaged in what the F.B.I. calls business email compromise, which it describes on its website as “one of the most financially damaging online crimes.”

The F.B.I. has since recovered $3.6 million and has been able to freeze some of the remaining funds. It is working to recover the rest. The school system has enough money to pay the vendors and does not “anticipate any interruption in any of the services that we provide,” Mr. Elicker said.

“Ultimately, while this is deeply unfortunate, it’s not going to have a significant financial impact on the city,” the mayor added.

School officials are already alert for cyberattacks, Mr. Elicker said, but the city plans to work with several outside firms to strengthen both its cybersecurity and financial policies and procedures.

Officials are also conducting an internal review to ensure that all employees are following proper protocol. One official in the finance office has already been placed on paid administrative leave as a result of the review.

“Just to be clear, we do not believe any city employee was involved in the hacking itself,” Mr. Elicker said during a news conference on Thursday. “However, we want to ensure that all employees followed proper financial and cybersecurity procedures.”

It was the first time the city’s public school system had been hacked in this way, Mr. Elicker said.

School systems and other public institutions have long been the target of hackers. Last fall, a cyberattack forced the Suffolk County government to use pen and paper and fax machines from the 1990s. Hackers stole sensitive data and forced Long Island officials to disable email for all 10,000 civil service workers.


Click Here For The Original Story From This Source.

National Cyber Security