
Cyber Incident Victim: City of Chester

Date: Jun 2021

Location: United States of America

Summary

A city council member in Chester, Pennsylvania, transferred approximately $400,000 to a fraudulent actor during a phishing incident where the attacker impersonated a legitimate insurance broker using highly similar email details. The payment, intended for workers' compensation insurance, was discovered roughly a month later during an internal invoice review, prompting notifications to law enforcement, IT consultants, and financial institutions, though recovery was deemed unlikely. The incident exacerbated existing financial strains, as the municipality faced a multimillion-dollar deficit, with officials emphasizing transparency concerns and noting prior cybersecurity compromises including a separate ransom payment.


Description

On June 8, 2021, Chester City Councilman William Morgan received a phishing email impersonating a legitimate insurance broker. The fraudulent communication contained nearly identical details to previous authentic emails from the broker, convincing Morgan to authorize a wire transfer of approximately $400,000 intended for workers' compensation insurance payments. The unauthorized transaction went undetected until an internal invoice review identified discrepancies, though the exact discovery date remains unspecified. Councilman Morgan reportedly identified the fraud approximately one month post-transfer, after which he filed a police report with the Chester Police Department and notified relevant financial institutions and IT consultants. Morgan delayed informing City Receiver Michael T. Doweary about the incident, opting to gather comprehensive information first. Doweary learned of the loss on October 21, 2021—the same morning a press release publicly disclosed the incident—and subsequently demanded explanations from city council regarding the delayed notification protocol. Santander Bank, involved in the transaction, assessed recovery of funds as unlikely following initial investigations.

The financial impact was significant for Chester, which faced a projected $46.5 million budget deficit at the time. Receiver Doweary emphasized the materiality of the $400,000 loss in official communications, stressing operational transparency as critical given the city’s precarious fiscal position. Mayor Thaddeus Kirkland referenced prior cybersecurity incidents affecting municipal finances, including a separate $500,000 ransom payment following an earlier hacking scheme. While Kirkland acknowledged that prompt notification might have reduced losses, he indicated remediation efforts were no longer viable by the time officials were informed. Internal response measures included coordinated investigations involving law enforcement, banking partners, and IT security consultants, though no detailed findings or procedural changes were publicly disclosed. Doweary confirmed appropriate officials were managing the investigation but maintained concerns about communication failures that hindered timely oversight of the incident.
