
The city of Aurora is actively investigating a cyber attack that resulted in fraudulent payments being made from city accounts, according to authorities.
The incident has been confirmed by the Aurora city government, the Aurora Police Department and the FBI, the latter of which said it was aware of the situation but declined to say whether it is investigating due to U.S. Department of Justice policy.
The city discovered the fraudulent activity on April 30, the day after it happened, Aurora Mayor John Laesch said during an interview on Tuesday.
He called it a “very sophisticated cyber attack,” but said the city currently believes its internal systems were not compromised.
A “considerable” amount of money was fraudulently transferred from city accounts, according to a city spokesperson. As of Wednesday afternoon, the city had not confirmed a specific number for how much money was transferred.
Laesch similarly declined to give a dollar amount or even a ballpark estimate during the interview.
The Aurora Police Department and other partners are trying to figure out the actual amount, and the city doesn’t want to compromise the integrity of the active investigation, the city spokesperson said on Tuesday.
Once Aurora became aware of the fraudulent payments, it took immediate steps to mitigate the impact and begin recovery efforts, according to a statement the city provided to The Beacon-News on Tuesday.
Officials remain hopeful that funds may be recovered as the investigation continues, the statement said, and it noted that the city maintains insurance for incidents like this one.
Aurora has recovered some of the lost funds and will continue working with law enforcement until “all of it or more of it” is recovered, according to Laesch. He would not disclose the specific amount recovered so far.
Specifically, the fraudulent payments were ACH transactions, which according to the federal Consumer Financial Protection Bureau is an electronic transfer of money between banks and credit unions. Businesses often allow the payment of bills through ACH transactions, which requires handing over a bank account number and routing number, the bureau notes on its website.
When asked if disciplinary action has been brought against any employees because of what happened, Laesch said on Tuesday that he couldn’t comment since it was still being investigated.
Because of the active investigation involving law enforcement and cybersecurity professionals, there are limits to the amount of information around operations and personnel that can be released at the moment, according to the city’s statement.
“Accordingly, we are not commenting on specific departmental details, investigative findings, personnel matters, or other aspects of the ongoing investigative process,” city officials said in the statement. “We appreciate the cooperation and assistance being provided by our internal and external partners as the investigation continues.”
The Aurora Police Department replied to questions from The Beacon-News by confirming that “a reported incident” involving the city was under investigation. Similar to what officials said in the city’s statement, a police spokesperson noted that more information was not available because of the “active and ongoing nature of the investigation.”
Laesch said that the city has not made the incident public because it is an ongoing investigation.
Aurora is currently contracted for cyber-security-related services with NuHarbor Security, Inc., which was selected by the city towards the end of last year. City Council also approved the cybersecurity training course KnowBe4 for employees at around the same time.
The city holds internal training and phishing exercises that staff have to go through, according to Laesch. A city spokesperson said those trainings happen regularly.
rsmith@chicagotribune.com




