Cyber Incident Victim: City of Fresno

In 2020, the City of Fresno fell victim to an electronic phishing scam that resulted in a financial loss initially reported as approximately $400,000, though subsequent statements indicated total losses exceeding $600,000. The fraudulent transfer occurred during former Mayor Lee Brand’s administration, which chose not to disclose the incident to the Fresno City Council or the public. The Fresno Bee confirmed these details through investigative reporting, revealing that city officials withheld information about the breach from taxpayers. The incident involved unauthorized electronic transfers facilitated by deceptive phishing communications, though specific technical details of the attack vector were not disclosed in available records. City operations or systems impacted beyond financial transfers were not described in the obtained documentation.

The Fresno City Attorney’s Office rejected a December 2021 public records request from The Fresno Bee seeking communications about the fraud, asserting no responsive records existed. However, The Bee later obtained pre-existing emails that contradicted this claim, indicating relevant documentation predated the records request. The FBI was actively investigating the incident and had requested confidentiality regarding the breach details, creating tension between law enforcement protocols and public transparency expectations. No information was provided about recovery efforts, cybersecurity improvements, or disciplinary actions taken following the incident. The financial loss remained un-recovered per available reports, and the delayed disclosure timeline prevented timely public or council oversight of the incident response.