Cyber Incident Victim: San Felipe Independent School District
Date: Feb 2020
Location: United States of America
Summary
San Felipe Del Rio CISD experienced a business email compromise attack resulting in unauthorized electronic fund transfers via Automated Clearing House to a fraudulent account. The district detected the incident and confirmed financial losses, though it expressed optimism about resolving the matter. No recovery of funds had been confirmed at the time of reporting, and the fraudulent transfer's exact timing remained unspecified beyond its discovery.
Description
On February 18, 2020, San Felipe Del Rio Consolidated Independent School District (CISD) in Texas discovered it had fallen victim to a business email compromise (BEC) scam involving fraudulent financial transfers. The district identified that funds intended for a legitimate recipient had been electronically diverted through the Automated Clearing House (ACH) network to an unauthorized account controlled by attackers. The incident was detected on a Tuesday, consistent with the February 18 discovery date referenced in the district’s subsequent press release. While the exact transaction date and financial impact were not disclosed publicly, the unauthorized transfer represented a direct financial loss to the district. Officials confirmed the incident stemmed from compromised email communications but did not specify whether employee accounts, vendor systems, or third-party processors were exploited in the scheme. The district promptly issued a public statement on February 20, 2020, acknowledging the incident but omitting operational details about the attack vector or transaction amounts.

San Felipe Del Rio CISD expressed confidence in resolving the situation but provided no timeline or specific recovery actions in its initial communications. As of February 20, no updates confirmed the recovery of misdirected funds, suggesting the financial loss remained unresolved at the time of reporting. The district maintained public transparency through its website but avoided technical disclosures about mitigation steps, account security enhancements, or law enforcement involvement. The incident highlighted operational vulnerabilities to socially engineered financial fraud without indicating broader system compromises like ransomware or data exfiltration. The Del Rio News Herald covered the breach, though no subsequent articles clarified whether the district recovered losses or implemented additional safeguards beyond standard fraud protocols. The business email compromise incident disrupted financial operations but reportedly did not affect student data or educational services.
