According to officials, the city of New Haven has so far been able to recover nearly half of the more than $6 million it lost earlier this summer as a result of many cyberattacks on its public school system.
The crimes, which took place in June and featured hackers posing in emails as the city’s COO and private contractors, were discovered after a Connecticut school bus company questioned why it hadn’t yet received payment.
“The individual or the individuals that did this are criminal. They are unbelievably unethical to not only steal money from the public but steal money from New Haven public school children,” said Mayor Justin Elicker, a Democrat, during a news conference.
Elicker claimed that in order to safeguard its investigation, the FBI had asked New Haven officials not to immediately comment publicly about the breach. He said that the FBI has frozen more assets and that $3.6 million has already been recovered. Elicker was unable to give an exact sum because the investigation is ongoing. There have been no detentions.
Elicker claimed that in May, hackers got access to the COO’s public school email address. They then watched online talks with vendors before interjecting themselves by pretending to be the COO and the vendors. The thieves then requested electronic transfers from legitimate accounts to their stolen accounts. Six payments were made in total, including four payments worth more than $5.9 million that were intended for the school bus company.
Two further payments were intended for a law firm. Elicker claimed that the city’s budget office withheld a seventh payment intended for a cleaning service. The FBI terms the scam used in the cyberattack a “business email compromise.”
With the exception of payroll, Elicker said the city has subsequently stopped all electronic payments and is strengthening its systems in collaboration with a number of businesses. In anticipation of the investigation’s findings, one employee of the city’s legal department has been placed on paid leave.
“We do not believe any city employee was involved in the hacking itself,” he said. “However, we want to ensure that all employees followed proper financial and cyber security procedures.”