Burlington, Wash. officials have notified hundreds of employees and residents that their bank account information was compromised last week when hackers broke into city systems and stole more than $400,000 from a city account at Bank of America.
Among those impacted by the breach are employees participating in Burlington's electronic payroll deposit program and utility customers enrolled in the city's autopay program for sewer and storm drain charges.
In an alert issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was comprised following an intrusion into a city utility billing system.
He urged affected customers to immediately contact their bank to flag or close their accounts.
All employees participating in the city's electronic payroll deposit program have also been asked to close out their old accounts and establish a new one as a result of the breach, Harrison told Computerworld Monday.
The employees have also been asked to notify major credit-reporting agencies about the breach and to alert them about the potential for identity theft.
"At this point, we don't know the full extent of the exposure,'' Harrison said. The U.S. Secret Service and other law enforcement agencies are investigating the breach, he added.
According to Harrison, the city first learned of the online heist last Thursday when an east coast bank sought information about a series of suspicious transfers from a Burlington city account.
"They called our finance department and said there are all these funny transactions going on. [They asked:] Did you move money to these accounts?" Harrison said.
The city immediately reviewed the activity and noticed at least three "significant transactions" from its Bank of America account to accounts at the east coast bank. In all, over $400,000 was illegally transferred to business and personal accounts around the country over a two-day period, Harrison said.
The theft could have been much worse because the affected account contained a lot more cash, he said.. "There was much more in that specific account. We don't know if [the hackers] just didn't have the time" to steal more funds.
Investigators are trying to figure out how the intruders gained access to the Bank of America account. The account has been frozen and all of the city's money has been temporarily moved out of Bank of America as a precaution.
Numerous other small town, municipalities and small businesses have been victimized by similar online heists over the past three or four years.
In most incidents, the cybercrooks first stole usernames and passwords used by to gain access to bank accounts. The stolen credentials were then used to log into the online accounts and wire transfer money to mule accounts in the United States and abroad.
The FBI has estimated that U.S. businesses and banks have lost hundreds of millions of dollars due to such thefts in recent years.
The Burlington theft came just days after security firm RSA warned of cybercriminals plotting a massive and concerted campaign to steal money from the online accounts of thousands of consumers at 30 or more major U.S. banks.
In an advisory posted earlier this month, RSA said it had information suggesting that a criminal gang planned to unleash a Trojan program called Gozi Prinimalka that would infiltrate computers belonging to U.S. banking customers and to initiate fraudulent wire transfers from their accounts.
According to RSA, the organizers of the attack are currently recruiting about 100 botmasters to launch and coordinate the attacks.
Since RSA's alert, several other security experts have reported seeing the signs of preparation of an imminent and massive attack against U.S banking customers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.