Cyber Incident Victim: City of Unalaska
Date: May 2019
Location: United States of America
Summary
The City of Unalaska fell victim to a phishing scam where an attacker impersonated a trusted vendor via email and fraudulently requested a change in payment method. This deception resulted in over $2.9 million being transferred to a fraudulent bank account before the scheme was halted. Following a federal investigation spanning nearly two months, approximately $2.3 million was successfully recovered, leaving a net financial loss of roughly $685,000 from the incident.
Description
Between May 15 and July 9, 2019, the City of Unalaska transferred $2,985,406.10 to a fraudulent bank account following a targeted phishing attack. The incident began when city employees received an email appearing to originate from a known vendor, though the message was actually sent by malicious actors. The fraudulent communication requested a change to the vendor's established payment method, directing future transactions to the attacker-controlled account. Municipal personnel processed multiple payments to this account over a nearly two-month period before detecting the deception. The scheme remained operational until at least July 9, when the final unauthorized transfer occurred. This timeline indicates attackers maintained persistent access to communication channels or continued exploiting initial compromise mechanisms throughout the payment period.

Federal authorities initiated an investigation that successfully recovered $2.3 million of the stolen funds by September 5, 2019. The nearly two-month federal recovery effort reduced the net financial loss to approximately $685,406.10. No additional details regarding investigation methods, criminal proceedings, or specific federal agencies involved were disclosed in available reports. The incident exposed operational vulnerabilities in the city's payment verification protocols, particularly regarding electronic fund transfer authorization procedures. Financial impacts included both the unrecovered funds and resource expenditures related to the investigation and recovery process. The city resumed standard operations following the recovery of partial funds, with no public documentation of secondary disruptions to municipal services or long-term budgetary consequences.
