Connect with us

Hi, what are you looking for?



Washington Town Loses $400,000 in Cyber-Heist

Burlington, Wash. officials admitted that cyber-criminals had stolen more than $400,000 from the city’s bank account and also obtained individual financial data belonging to employees and some residents.

Burlington, Wash. officials admitted that cyber-criminals had stolen more than $400,000 from the city’s bank account and also obtained individual financial data belonging to employees and some residents.

Cyber-criminals compromised systems used to run the town’s utility billing system used for sewer and storm drain charges, according to an alert posted on the town’s Website Monday morning. All customers who use the autopay feature to pay their utility bills should assume their names, bank name, account number, and routing numbers have all been compromised as well, Bryan Harrison, the city administrator, wrote in the alert. Customers should immediately contact their bank to protect their accounts.

The utility breach comes shortly after criminals electronically transferred $487,000 from Burlington’s Bank of America account to various personal and business accounts throughout the country over a two-day period, according to various local media outlets. Bank of America froze the affected account on Thursday.

City employees enrolled in the direct deposit program were also notified their account information was compromised in this breach. Like the utility residents, the city employees are advised to flag or close the accounts associated with payroll deposits to prevent fraud.

“The Finance Department notified local authorities immediately after learning of the illegal transfers and the account was frozen,” the Burlington Police Department said in a statement. “City employees participating in the city’s direct electronic payroll deposit program have been notified that their account information has been compromised.”

While the police have said the fraudulent transfers were the “result of computer hacking”, it’s not clear at this time exactly what happened. An employee with access to the account may have been phished into giving up the passwords to access the bank account; a computer could have been infected with banking malware, or some other scenario. “We really don’t know exactly how it happened,” Harrison told King 5 News, a local outlet. “Someone, either through the city system or Bank of America had actually accessed our electric authorization account,” he said.

Approximately 300 people have been affected in the town of 8,400.

Advertisement. Scroll to continue reading.

There have been a number of other online heists similar to what happened to Burlington in recent years. Back in 2010, criminals broke into a TD Bank account for the town of Poughkeepsie, NY and transferred $378,000 to banks in Ukraine. The attackers made nine illegal transfers over a two-day period, of which four succeeded. TD Bank initially recovered only $95,000 of the stolen money. Last year, Pittsford, NY, lost $139,000 when criminals logged into the town’s bank account with Canandaigua National Bank & Trust.

The FBI has estimated that U.S. businesses and banks have lost hundreds of millions of dollars due to such thefts.

The FBI has issued several alerts recently warning cyber-criminals are targeting banks with fraudulent wire transfers. Small towns, credit unions, and businesses are often targeted because of mis-configured systems and less savvy users who may fall for a malware attack or phishing scam.

RSA’s fraud team also warned earlier this month of a complicated plot involving a Trojan and targeting 30 or so major banks.

While consumers are generally protected from these types of thefts by the federal government, for up to $250,000, commercial accounts generally are not. If the bank is unable to recover the funds, the money is gone for that victim business or organization. For a small town like Burlington, that can be a significant hit.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...