Cyber Incident Victim: City of Naples, Florida
Date:
Aug 2019
Location:
United States of America
Summary
The City of Naples, Florida, suffered a $700,000 financial loss due to a sophisticated spear phishing attack where threat actors impersonated a representative from Wright Construction Group, a contractor involved in city infrastructure work. Attackers deceived staff into redirecting payments to a fraudulent bank account, though the incident did not compromise municipal data systems. Authorities were notified and initiated an investigation into the fraudulent transfer. This incident occurred amid a broader trend of cyberattacks targeting local governments in the state, including ransomware incidents in other municipalities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around August 2, 2019, the City of Naples, Florida, suffered a financial cyberattack resulting in a loss of $700,000. Attackers executed a targeted spear phishing campaign against a specific individual or department within the city government. The threat actors impersonated a representative from Wright Construction Group, a legitimate contractor engaged in infrastructure work on Eighth Street South in downtown Naples. Through this deception, the attackers provided fraudulent banking details and convinced city personnel to redirect a payment intended for the contractor into an account under their control. The transaction was processed before the fraud was detected, leading to the irreversible transfer of funds. City Manager Charles Chapman confirmed that the attack exclusively targeted financial transactions and did not compromise the city’s data systems, networks, or other operational infrastructure. Following the discovery of the incident, city officials immediately reported the theft to law enforcement agencies, which initiated an investigation to trace the funds and identify the perpetrators. No evidence suggested broader system infiltration or data exfiltration beyond the fraudulent transfer. The incident highlighted vulnerabilities in the city’s payment verification processes for vendor transactions.
This attack occurred amid a series of cyber incidents targeting municipalities across Florida in 2019. Earlier that year, Riviera Beach paid $600,000 in ransom following a ransomware attack that encrypted its systems, while Lake City paid nearly $500,000 under similar circumstances. Jackson County, Georgia, had paid a $400,000 ransom in March 2019 after ransomware paralyzed government operations. In July 2018, Palm Springs, another Florida municipality, paid a ransom but failed to fully recover its data. Unlike these ransomware cases, Naples’ incident involved no malware deployment or system encryption; the loss stemmed solely from social engineering and fraudulent banking instructions. The city’s public disclosure emphasized the sophistication of the spear phishing tactic, which exploited trusted vendor relationships. Authorities continued efforts to recover the stolen funds, though no public updates confirmed their success. The financial impact remained confined to the $700,000 loss, with no operational disruptions to city services or secondary costs disclosed.