The city of Aurora is actively investigating a cyber attack that resulted in fraudulent payments being made from city accounts, according to authorities.
The incident has been confirmed by the Aurora city government, the Aurora Police Department and the FBI, the latter of which said it was aware of the situation but declined to say whether it is investigating due to U.S. Department of Justice policy.
The city discovered the fraudulent activity on April 30, the day after it happened, according to Aurora Mayor John Laesch.
He called it a “very sophisticated cyber attack,” but said the city currently believes its internal systems were not compromised.
Laesch declined to give a dollar amount, or even a ballpark estimate, for how much went missing from city accounts.
The Aurora Police Department and other partners are trying to figure out the actual amount, a city spokesperson said. It is an active investigation, the spokesperson said, and do not want to compromise its integrity.
Once the city became aware of the fraudulent payments, it took immediate steps to mitigate the impact and begin recovery efforts, according to a statement that Aurora provided to The Beacon-News.
Officials remain hopeful that funds may be recovered as the investigation continues, the statement said, and it noted that the city maintains insurance for incidents like this one.
Aurora has recovered some of the lost funds and will continue working with law enforcement until “all of it or more of it” is recovered, according to Laesch. He would not disclose the specific amount recovered so far.
Specifically, the fraudulent payments were ACH transactions, which according to the federal Consumer Financial Protection Bureau is an electronic transfer of money between banks and credit unions. Businesses often allow the payment of bills through ACH transactions, which requires handing over a bank account number and routing number, the bureau notes on its website.
When asked if disciplinary action has been brought against any employees because of what happened, Laesch said he couldn’t comment since it was still being investigated.
Because of the active investigation involving law enforcement and cybersecurity professionals, there are limits to the amount of information around operations and personnel that can be released at the moment, according to the city’s statement.
“Accordingly, we are not commenting on specific departmental details, investigative findings, personnel matters, or other aspects of the ongoing investigative process,” city officials said in the statement. “We appreciate the cooperation and assistance being provided by our internal and external partners as the investigation continues.”
The Aurora Police Department replied to questions from The Beacon-News by confirming that “a reported incident” involving the city was under investigation. Similar to what officials said in the city’s statement, a police spokesperson noted that more information was not available because of the “active and ongoing nature of the investigation.”
Laesch said that the city has not made the incident public because it is an ongoing investigation.
Aurora is currently contracted for cyber-security-related services with NuHarbor Security, Inc., which was selected by the city towards the end of last year. City Council also approved the cybersecurity training course KnowBe4 for employees at around the same time.
The city holds internal training and phishing exercises that staff have to go through, according to Laesch. A city spokesperson said those trainings happen regularly.
rsmith@chicagotribune.com
