Cyber Incident Victim: Miami Beach City Hall

Between summer 2016 and December 19, 2016, unidentified attackers stole approximately $3.6 million from Miami Beach City Hall’s SunTrust Bank account by manipulating automated payment systems. The criminals obtained the bank’s routing numbers and altered transaction details to redirect funds intended for legitimate vendors and government bill payments. These unauthorized transfers occurred systematically over six months without detection by city officials or bank security protocols. The targeted account held substantial public funds derived from municipal revenue streams including parking fees, resort taxes, recreation fees, and red light camera fines, with daily balances fluctuating between $46 million and $144 million. The fraud was discovered on December 19, 2016, prompting immediate suspension of all transactions from the compromised account. City Manager Jimmy Morales notified commissioners via memo, attributing the theft to third-party actors while acknowledging internal procedural failures in treasury oversight.

Following discovery, Miami Beach officials opened a new bank account and mandated SunTrust to implement enhanced fraud controls for municipal accounts. The Federal Bureau of Investigation and local law enforcement agencies initiated a criminal investigation to trace the stolen funds and identify perpetrators. Two senior finance managers—Treasury Manager Juan Rodriguez and Accounts Payable Director Bryan Scott Wagner—resigned amid scrutiny, though neither was formally implicated in the scheme. Morales emphasized that improved account reconciliation practices could have reduced financial losses despite the attack’s sophistication. The incident exposed vulnerabilities in automated payment verification processes for high-value government accounts handling taxpayer revenue, with no public confirmation of fund recovery as of the January 10, 2017 report.