Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Have you listened to our podcast? Listen now

Hackers hit small US town, steal tax payer data and $400,000

15 Oct 2012 3 Data loss, Law & order
Hackers hit small US town, steal tax payer data and $400,000

Post navigation

Previous: Scammers adopt new eBay logo in short order
Next: Who reads Naked Security? The results are in….
by Paul Roberts

Hacker. Image from ShutterstockThe town of Burlington, Washington has warned residents that they could be the targets of identity theft, after hackers compromised a number of town systems used to run an online automatic utility billing system and emptied $400,000 from a city bank account.

In a notice posted on the town’s website, Bryan Harrison, the City Administrator, said that a city-run automatic payment system – that was used by residents to pay sewer and storm drain charges – was compromised.

Alert posted on website

“If you are enrolled in Autopay, you should assume that your name, bank, bank account number and routing number have been compromised,” Harrison warned.

The announcement follows local media reports in the small, Pacific Northwest town that more than $400,000 was stolen from a Bank of America account belonging to the city.

The money was taken via a number of illegal wire transfers over a two day period, according to one report.

Located 66 miles north of Seattle, Burlington is a former logging town that is now best known as the home of a large, regional shopping mall complex. Calls and email to the Burlington Finance Department were not immediately returned.

In addition to the city sewer customers, the hackers grabbed bank records for city employees that used a direct deposit program. Victims were notified that their account information was compromised and advised to close any bank accounts used for direct deposit, or notify their banks.

The City Finance Department discovered the breach after noticing the illegal transfers on Friday. The US Secret Service is helping local police officers investigate the crime, as is the Puget Sound Electronic Crimes Task Force, according to the report.

Small cities and towns are common targets of cybercriminal hacking groups, who take advantage of loosely secured or misconfigured systems, or gullible employees to gain a foothold on municipal systems and access bank accounts used by town government.

Lawmakers in the United States have even considered extending consumer fraud protection to towns, schools and city governments, after a string of electronic heists affecting municipalities nationwide.


Hacker image from Shutterstock.

  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Home

Sophos Home

Protect personal PCs and Macs
Hitman Pro

Hitman Pro

Find and remove malware
Sophos Intercept X for Mobile

Intercept X for Mobile

Protect Android devices

Post navigation

Previous: Scammers adopt new eBay logo in short order
Next: Who reads Naked Security? The results are in….

3 comments on “Hackers hit small US town, steal tax payer data and $400,000”

  1. BradT says:
    October 16, 2012 at 2:53 pm

    What they need to do is stop exempting cities and towns from the same procedures and guidelines that the private sector must meet when storing and keeping data safe.

    Many states exempt gov agencies from whatever new regulations they put in place, (they usually are also exempt from lawsuits) yet when you think about it the gov agencies have more personal data than anyone else. City hall, police, fire, etc, all have databases and information on city residents. A few examples; medical calls, billing info, domestic disputes, ss# and birth records.

    Email is weak, systems are way out of date, bad policies, really easy to social engineer, weak passwords, internal servers and systems and not hardened against attacks, etc, etc….

    Reply
  2. Chris K says:
    October 16, 2012 at 3:40 pm

    What rights and legal protections do citizens have to refuse to give local municipalities personal information such as social security number & bank account information when our cities are not equipped to protect that information?

    Reply
    • Laurence Marks says:
      October 22, 2012 at 10:08 pm

      Well, you can always decline to enroll in AutoPay or direct draft schemes. The city may require you to put down a hefty deposit, but you can insist on monthly billing paid by mailed personal check.

      Reply

What do you think? Cancel reply

Recommended reads

Dec31
by Paul Ducklin
7

Get back into the cybersecurity groove for 2021

Nov16
by Paul Ducklin
0

How to do cybersecurity – join us online for the Sophos Evolve event

Nov18
by Paul Ducklin
2

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • Intercept X for Mobile
  • XG Firewall
  • Sophos Email
  • Sophos Wireless
  • Managed Threat Response
  • Cloud Optix
  • Phish Threat
© 1997 - 2021 Sophos Ltd. All rights reserved. Powered by WordPress.com VIP