Cyberthieves loot $400,000 from city bank account

Cybertheft comes just days after RSA issued a warning that criminal gang planned massive attacks against U.S. banking customers

Burlington, Wash. officials have notified hundreds of employees and residents that their bank account information was compromised last week when hackers broke into city systems and stole more than $400,000 from a city account at Bank of America.

Among those impacted by the breach are employees participating in Burlington's electronic payroll deposit program and utility customers enrolled in the city's autopay program for sewer and storm drain charges.

In an alert issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was comprised following an intrusion into a city utility billing system.

He urged affected customers to immediately contact their bank to flag or close their accounts.

All employees participating in the city's electronic payroll deposit program have also been asked to close out their old accounts and establish a new one as a result of the breach, Harrison told Computerworld Monday.

The employees have also been asked to notify major credit-reporting agencies about the breach and to alert them about the potential for identity theft.

"At this point, we don't know the full extent of the exposure,'' Harrison said. The U.S. Secret Service and other law enforcement agencies are investigating the breach, he added.

According to Harrison, the city first learned of the online heist last Thursday when an east coast bank sought information about a series of suspicious transfers from a Burlington city account.

"They called our finance department and said there are all these funny transactions going on. [They asked:] Did you move money to these accounts?" Harrison said.

The city immediately reviewed the activity and noticed at least three "significant transactions" from its Bank of America account to accounts at the east coast bank. In all, over $400,000 was illegally transferred to business and personal accounts around the country over a two-day period, Harrison said.

The theft could have been much worse because the affected account contained a lot more cash, he said.. "There was much more in that specific account. We don't know if [the hackers] just didn't have the time" to steal more funds.

Investigators are trying to figure out how the intruders gained access to the Bank of America account. The account has been frozen and all of the city's money has been temporarily moved out of Bank of America as a precaution.

Numerous other small town, municipalities and small businesses have been victimized by similar online heists over the past three or four years.

In most incidents, the cybercrooks first stole usernames and passwords used by to gain access to bank accounts. The stolen credentials were then used to log into the online accounts and wire transfer money to mule accounts in the United States and abroad.

The FBI has estimated that U.S. businesses and banks have lost hundreds of millions of dollars due to such thefts in recent years.

The Burlington theft came just days after security firm RSA warned of cybercriminals plotting a massive and concerted campaign to steal money from the online accounts of thousands of consumers at 30 or more major U.S. banks.

In an advisory posted earlier this month, RSA said it had information suggesting that a criminal gang planned to unleash a Trojan program called Gozi Prinimalka that would infiltrate computers belonging to U.S. banking customers and to initiate fraudulent wire transfers from their accounts.

According to RSA, the organizers of the attack are currently recruiting about 100 botmasters to launch and coordinate the attacks.

Since RSA's alert, several other security experts have reported seeing the signs of preparation of an imminent and massive attack against U.S banking customers.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts