I will say if you think this is bad, you ought to read about Washington State’s loss of $650M to organized cyber crime: <a href="https://www.seattletimes.com/seattle-news/auditor-state-unemployment-system-wholly-unprepared-for-fraud-one-agency-employee-under-criminal-investigation" rel="nofollow">https://www.seattletimes.com/seattle-news/auditor-state-unem...</a>
reminds me a little bit of when ubiquiti networks got phished to redirect a SWIFT wire transfer to a different location, and had to report it on their 10Q<p><a href="https://www.google.com/search?client=firefox-b-1-d&q=ubiquiti+wire+transfer+scam" rel="nofollow">https://www.google.com/search?client=firefox-b-1-d&q=ubiquit...</a><p><a href="https://www.google.com/search?client=firefox-b-1-d&q=ubiquiti+networks+scammed+wire+transfer" rel="nofollow">https://www.google.com/search?client=firefox-b-1-d&q=ubiquit...</a><p>at least the SEC requirements for publicly traded companies requires them to disclose it. it's kind of funny that a for profit corporation has more transparency going on in its disclosure of getting scammed than a municipal government entity.
"Dyer said the emails were privileged information since the city attorney was included".<p>This is not how privilege works, and all the people involved certainly know it.<p>(This used to be a game oil and other companies would play, and courts do not look kindly on it anymore)
Erie, CO lost $1M to a phishing attack. It was very well timed and targeted toward a major project which had been in the works for a decade.<p><a href="https://www.denverpost.com/2019/12/30/erie-victim-financial-fraud-parkway-bridge/?returnUrl=https://www.denverpost.com/2019/12/30/erie-victim-financial-fraud-parkway-bridge/?clearUserState=true" rel="nofollow">https://www.denverpost.com/2019/12/30/erie-victim-financial-...</a>
Just FYI the running total of CA's unemployment fraud during the pandemic is $20 billion: <a href="https://www.latimes.com/california/story/2021-10-25/californias-unemployment-fraud-20-billion" rel="nofollow">https://www.latimes.com/california/story/2021-10-25/californ...</a>
"The FBI asked city officials to keep the incident under wraps, so their investigation wasn’t compromised, Dyer said."<p>Could this be a valid reason not to disclose it?
Im surprised that this attack on a govt entity was successful. In such entities, every vendor record is a database entry in some legacy custom CRUD system, which require 5 different people to approve X record update.<p>Each of those people also have their own checklist of things to do prior to approval, one of which is literally pick up phone and confirm with vendor the X update.<p>Govt has a reputation for not being agile - but maybe the scammers have identified a niche in city agencies?<p>Now im wondering how many of these have never been reported on...
Good job reporting on this. Now the question is whether the voters will care at the ballot box.<p>We shouldn’t go after the person who fell for the scam - they’re just doing their job the best they can. Or even the person who should have disclosed. We have to all the way up to an elected official that needs to be held accountable, whether they knew about it or not.