The town of Peterborough, New Hampshire, said Monday that it has lost $2.3 million in taxpayer dollars as the result of a cyberattack.
"It pains us to inform the residents and taxpayers of Peterborough that, like so many other towns and cities, we have fallen victim to an internet-based crime that has defrauded our taxpayers of $2.3m," Select Board Chairman Tyler Ward and Town Administrator Nicole MacStay said in a press release posted to Facebook.
They said they don't believe the funds can be recovered by reversing the transaction, and they don't know if the losses will be covered by insurance.
"It's really a gut punch, that's for sure," Select Board member William Kennedy said when reached by phone Monday. He said he had already fielded several calls from residents in the hour since the press release was first posted online.
Peterborough, a town of just over 6,000 residents, is located in southern New Hampshire, about 35 miles west of Manchester.
Ward and MacStay said town officials learned on July 26 that the ConVal School District, which serves Peterborough and eight other surrounding towns, had not received its monthly $1.2 million transfer from the town.
Upon further investigation, town officials realized the town had been victimized by an email-based fraud.
"They were incredibly sophisticated forgeries," MacStay told NBC10 Boston Monday. "These email exchanges, you would have to look much closer than anyone would normally look at an email to see that they were in fact forgeries. They really understand how these transactions worked, and took the time to understand how we worked with the school district and the vendor to be able to divert the funds the way they did."
Finance Department staff put a stop payment order on the transfer, but the funds had already left the town's account at Peoples United Bank, the town said. Town IT staff also contacted the U.S. Secret Service and the cyber security firm ATOM Group.
The Secret Service Cyber Fraud Task Force began tracing the funds through transactions that ultimately converted them to cryptocurrency, the town said. The ATOM Group and the town's IT staff were able to identify email exchanges between Peterborough Finance Department staff and thieves posing as ConVal School District staff using forged documents and email accounts, but they were not able to identify who had perpetrated the fraud.
On Aug. 18, as the original investigation continued, town Finance Department staff learned that two bank transfers meant to go to Beck and Bellucci, the general contractor working on the Main Street Bridge project, had also been fraudulently diverted to thieves through similar means. The Secret Service and ATOM Group were again notified.
Kennedy, who was elected in May, said he was first informed of the fund thefts about a week ago and could hardly believe it.
"It was an anomaly, as it was," he said. "They were apparently just poised to catch us at a vulnerable time. This is a common thing. We transfer funds to ConVal on a monthly basis. This was an automated process. They caught us at a weak moment."
Investigations into the forged email exchanges showed that they originated overseas.
"These criminals were very sophisticated and took advantage of the transparent nature of public sector work to identify the most valuable transactions and focus their actions on diverting those transfers," Ward and MacStay said in their statement.
MacStay said the Secret Service told the town that at least one other community in northern New England had also been targeted, losing about $600,000.
"It's just like ransomware attacks," she said. "They're happening everywhere. They're taking advantage of communications via email... These folks really do know what they're doing. They took their time and really implemented a very sophisticated scheme and were very targeted and, unfortunately, took advantage of our staff."
Town officials said it is not believed that any town staff were criminally involved in the money transfers, but the Finance Department employees who were directly targeted in this fraud have been placed on paid leave until the Secret Service's ongoing investigation is complete.
ConVal Superintendent Kimberly Rizzo Saunders also issued a statement Monday saying the school district is aware of the ongoing investigation. She said school district IT staff reviewed email and server access logs and found no signs of malicious activity.
"We are working alongside the Town of Peterborough, the U.S. Secret Service, legal counsel and our insurer to support this investigation however we can and develop a better understanding of how this theft occurred, as well as to recoup the lost funding however possible," she said.
Ward and MacStay said the town is still waiting to hear from its insurance provider whether the losses will be covered either in whole or in part. Meanwhile, the town has canceled all automated transfers, and all policies and procedures relating to electronic transactions are currently under review.