Cyber Incident Victim: City of Aurora
Date:
Apr 2026
Location:
United States of America
Summary
The City of Aurora reported that an employee was tricked by a phone call impersonating a bank representative into revealing sensitive account information, which led to fraudulent ACH transfers of nearly $1.1 million from municipal payroll accounts. Investigators said there is no indication that the city’s network or data systems were breached, and no resident data appears to have been compromised. The incident is being examined by local police, outside cybersecurity experts and the FBI, which has acknowledged awareness of the case. The city has recovered some of the missing funds and is pursuing full restitution while relying on existing insurance coverage. City officials noted that the employee had undergone regular phishing training and that the city contracts with NuHarbor Security for cyber‑security services and uses the KnowBe4 training platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 29, 2026 a city of Aurora employee received a phone call from an individual impersonating a bank representative, who used deceptive tactics to obtain sensitive account information, leading to fraudulent ACH transfers from city bank accounts. The city discovered the fraudulent activity on April 30, the day after the incident occurred, and promptly notified law enforcement and its financial institution while activating internal response procedures. Aurora then engaged outside cybersecurity experts to assist with the investigation, and the Aurora Police Department confirmed that a reported incident involving the city was under active investigation. The FBI acknowledged awareness of the event but declined to confirm whether it was conducting an investigation due to U.S. Department of Justice policy. Mayor John Laesch characterized the incident as a very sophisticated cyber attack, noting that disciplinary actions could not be discussed while the investigation remained ongoing. No evidence has been found to indicate that the city’s network, data systems, or resident information were compromised, though the city awaited the results of its financial institution’s forensic audit to determine any potential impact on employee data.
The fraudulent transfers resulted in a loss of nearly $1.1 million from Aurora’s accounts, of which an unspecified amount has been recovered, with the city committing to continue working with law enforcement until all or more of the funds are reclaimed. Aurora maintains insurance coverage for such financial losses and had previously contracted NuHarbor Security, Inc. for cybersecurity‑related services and approved the KnowBe4 training program for employees, complemented by regular internal training and phishing exercises. City officials stated they are working to strengthen internal procedures, security measures, and employee training to prevent future incidents, while the investigation remains active and ongoing. Law enforcement agencies are collaborating with financial institutions to recover a portion of the stolen funds, and the city has emphasized its commitment to protecting public resources throughout the process. The city has indicated that additional updates will be shared when appropriate and in a manner that preserves the integrity of the investigation. No further specifics regarding the attackers, exact recovery totals, or disciplinary outcomes have been disclosed at this time.