Cyber Incident Victim: Scotland Town Hall
Date:
Oct 2023
Location:
United States of America
Summary
A cyber attack targeted Scotland Town Hall through online impersonation of legitimate vendors, resulting in the theft of $279,300 via fraudulent transactions and additional unsuccessful diversion attempts. The incident was discovered by the outgoing First Selectman and reported to state and federal law enforcement, prompting an ongoing criminal investigation. The town treasurer resigned, and potential civil litigation from affected vendors is being monitored. In response, the town implemented enhanced cybersecurity measures, revised financial procedures, and mandated staff cyber training to prevent future incidents. The current administration acknowledged the financial impact on town operations but committed to transparency as the investigation progresses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Scotland Town Hall cyber incident involved two fraudulent online transactions occurring on October 24 and October 31, 2023, resulting in the theft of $279,300 of municipal funds through an offshore cyber-attack. Attackers impersonated legitimate vendors contracted by the town to divert payments intended for valid financial obligations. First Selectman Gary Greenberg identified the theft shortly before leaving office, reporting it to the Connecticut State Police on November 18, 2023, and subsequently to the Federal Bureau of Investigation (FBI) on November 21. The newly inaugurated Board of Selectmen (BOS), assuming office on November 21, was immediately briefed on the incident and learned of additional unsuccessful attempts to redirect town funds using the same impersonation method. These attempts suggested a coordinated effort targeting the town’s financial systems.
The Board of Selectmen notified the town attorney due to the ongoing criminal investigation led by law enforcement and acknowledged potential civil litigation from the impersonated vendor. On November 25, the town Treasurer resigned, though the circumstances linking this resignation directly to the incident were not elaborated. The BOS implemented immediate safeguards, including enhanced cybersecurity protocols, revised financial procedures, and mandatory cybersecurity training for staff to prevent recurrence. The theft complicated the Board’s preexisting commitment to stabilize municipal finances and address property tax concerns. A public meeting was scheduled for December 13 to address resident inquiries, pending investigative progress. No further technical specifics regarding attack vectors, network compromises, or fund recovery efforts were disclosed due to the active investigation.