Cyber Incident Victim: Harris County
Date: Sep 2017
Location: United States of America
Summary
A phishing attack targeted Harris County shortly after Hurricane Harvey, with an attacker impersonating an accountant from a contractor involved in post-storm repairs. The fraudulent email requested rerouting of an $888,000 payment to a new bank account under the guise of legitimate debris cleanup and infrastructure work. This attempt to divert funds prompted the county to implement enhanced cybersecurity measures to prevent similar financial threats. The incident highlighted vulnerabilities in payment verification processes during disaster recovery operations.
Description
On September 21, 2017, approximately three weeks after Hurricane Harvey caused widespread damage in Houston, the Harris County auditor's office received a fraudulent email request for payment. The email originated from an individual identifying herself as Fiona Chambers, who claimed to represent D&W Contractors, Inc.—a legitimate contractor engaged in post-Harvey reconstruction work for the county, including parking lot repairs, debris cleanup, and road construction. Chambers requested that the county deposit $888,000 into what she described as the contractor's new bank account. The request exploited the ongoing disaster recovery context, as Harris County was actively processing contractor payments for hurricane-related repairs at the time.

The phishing attempt was detected before funds were transferred, preventing financial loss. Following the incident, Harris County implemented enhanced cybersecurity protocols to address vulnerabilities exposed by the attack. These measures included the adoption of multi-factor authentication systems and expanded cybersecurity training for personnel handling financial transactions. The attempted fraud highlighted risks associated with electronic payment requests during disaster recovery operations, when urgent financial processing requirements could create opportunities for social engineering attacks. No additional operational disruptions or data breaches beyond the payment request attempt were documented in the available reporting. County officials publicly acknowledged the incident months later while outlining their improved security framework.
