Portland loses $1.4 million in fraudulent transaction after cybersecurity breach

The City of Portland, Oregon has launched a cybersecurity investigation after it discovered a fraudulent financial transaction of approximately US$1.4 million had taken place in late April.

The loss only came to light weeks later on May 17 after another fraudulent attempt was made from the same account.

Preliminary evidence indicates that an unauthorised outside entity gained access to a city email account to carry out the illegal activity.

A statement from the city’s Office of Management and Finance, issued on May 27, said: “A cyber incident response team was immediately activated to investigate the matter, evaluate the extent of the breach, and ensure that technology and policies are in place to prevent future cybersecurity threats.

“The city is taking action to hold accountable whoever is responsible for this fraudulent activity.”

Growing threat

Initial notifications have been made to the Federal Bureau of Investigation, the U.S. Secret Service and the Portland Police Bureau.

“This incident demonstrates the growing threat of cyberattacks against individuals, businesses and communities worldwide,” the city said.

City officials have declined to release any additional information at this stage.

“We are committed to sharing as much information about this incident as possible, while protecting sensitive information that could compromise the city’s security,” the statement said.

Cities have become a growing target for cyber-crime, particularly ransomware attacks. There is also increasing concern about the emergence of attacks that could target physical infrastructure.