Cyber Incident Victim: City of Ottawa
Date:
Mar 2023
Location:
Canada
Summary
A cyber-attack targeting the City of Ottawa and a contractor involved fraudulent online accounts impersonating the contractor to facilitate financial fraud, prompting a joint investigation by local police and the FBI. The incident did not compromise city account data, but led to enhanced security measures including a "positive pay" system for future transactions to mitigate similar risks. Authorities indicated the attack originated outside Illinois and noted parallels to phishing schemes affecting other municipalities, emphasizing the targeting of government entities and their vendors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early March 2023, the City of Ottawa and one of its contractors became targets of a cyber-attack involving fraudulent impersonation. Attackers created fictitious online accounts mimicking those of a legitimate contractor engaged with the city, enabling them to execute financial fraud. Ottawa Police initiated an investigation in collaboration with the FBI, focusing on identifying the perpetrators and the methods used to misrepresent the contractor’s identity. The city confirmed its internal accounts and systems remained uncompromised, with no unauthorized access to municipal data. Officials emphasized that the breach occurred through external manipulation of the contractor’s accounts rather than a technical intrusion into city infrastructure. The fraudulent activity mirrored phishing tactics commonly directed at government entities, municipalities, and school districts, leveraging vendor relationships as key entry points. Similar incidents had impacted other communities beyond Ottawa, though the investigation did not disclose exact parallels. City representatives noted the attack exploited procedural weaknesses rather than technical vulnerabilities in municipal systems. Authorities withheld specifics about the financial scope or the exact timing of the fraudulent transactions during the initial response phase.
Investigators traced the attack’s origin to entities outside Illinois, though no definitive location or suspects were publicly named. Ottawa Police Chief Brent Roalson urged heightened public vigilance against online scams, acknowledging the universal risk of such frauds. The city implemented a "positive pay" system for payment verification to mitigate future fraud risks, requiring additional validation for financial transactions. Enhanced monitoring protocols were also applied to vendor communications and payment processes following the incident. The collaboration with federal agencies aimed to address the cross-jurisdictional nature of the attack and identify broader patterns of similar crimes. No evidence indicated data exfiltration or secondary compromises of city systems beyond the immediate financial fraud. Municipal operations continued uninterrupted, with no reported disruptions to public services. The incident underscored recurring targeting of municipal supply chains, prompting procedural adjustments among Ottawa’s contractors.