Peterborough officials disclosed Monday the town lost $2.3 million in public money to cybercriminals, and that money may be lost forever.
“We do not believe that the funds can be recovered by reversing the transactions, and we do not yet know if these losses will be covered by insurance,” Town Administrator Nicole MacStay and Selectboard Chair Tyler Ward said in a joint statement.
The town became aware in July that the $1.2 million monthly transfer meant for the ConVal School District didn’t go through. The initial investigation uncovered an email and the town put a stop order on the payment, according to the statement. But the money was already gone at that point.
The town’s IT Department staff contacted the U.S. Secret Service and the cyber security consulting firm ATOM Group through NH Primex, Peterborough’s property and liability coverage provider.
According to the statement, the U.S. Secret Service Cyber Fraud Task Force found the stolen money was transferred into cryptocurrency almost immediately. The investigation found the cybercrooks forged ConVal identities to pull off the scam.
“The ATOM Group and the Town’s IT staff were able to identify email exchanges between finance department staff and thieves posing as ConVal School District staff using forged documents and email accounts but were not immediately able to identify who had perpetrated the fraud,” the statement reads.
ConVal Superintendent Kimberly Rizzo Saunders said in a statement released Monday afternoon the investigation has found no evidence of the fraud on the school’s part, placing the blame for the security breaks squarely on the town staff.
“At this point, it is alleged this was the result of a security breach affecting the Town of Peterborough that enabled scammers to misrepresent themselves and misdirect funds intended for the district,” Rizzo Saunders said. “District IT staff reviewed email and server access logs, as well as anti-virus logs and found no signs of malicious activity.”
As the investigation was underway, finance department staff learned on Aug. 18 that two bank transfers meant to go to Beck and Bellucci, the general contractor working on the Main Street Bridge project, had also been fraudulently diverted to thieves through similar means, according to the statement.
“Investigations into these forged email exchanges showed that they originated overseas. These criminals were very sophisticated and took advantage of the transparent nature of public sector work to identify the most valuable transactions and focus their actions on diverting those transfers,” the statement reads.
Though no town staffers have been implicated in the scams, the statement from Ward and MacStay reports the employees who fell for the scams have been placed on leave pending the conclusion of the investigation.
Ward and MacStay also report the losses may not be covered by the town’s insurance.
“We are now waiting to hear from our coverage provider if these losses will be covered, whether in whole or in part. Town administration is exploring all options available and has reached out to our legislative delegation and the Governor’s Office for support,” the statement reads.
All automatic transfers have been canceled and all policies and procedures relating to electronic transactions are under review.
In a statement released Monday night, Sen. Maggie Hassan, chair of the Emerging Threats and Spending Oversight Subcommittee, called it a devastating attack and pledged to help the town.
“This is a devastating attack, and my office stands ready to support Peterborough as it works to find the perpetrators of this attack. We also know that what happened in Peterborough will happen again, and we must do everything we can to give our communities the tools that they need to defend against cybercriminals in order to protect their online systems – and in turn, taxpayer dollars,” Hassan said.