Cyber Incident Victim: Proviso High School District 209
Date:
Apr 2024
Location:
United States of America
Summary
The FBI is investigating a cyberattack involving unauthorized wire transfers totaling over $4.9 million from Proviso High School District 209's accounts, with funds diverted to a fraudulent third-party account impersonating a legitimate contractor. Two separate transactions were intercepted, prompting collaboration with law enforcement, financial institutions, and insurers to recover losses. Partial reimbursement of approximately $3.06 million was achieved, leaving $1.88 million unresolved. The district confirmed only one account was compromised, implemented enhanced security protocols for wire transfers and technological systems, and filed a police report while the investigation remains active.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The FBI initiated an investigation into a $4.9 million wire fraud incident targeting Proviso High School District 209 after two unauthorized transfers were identified from the district’s bank account. The first fraudulent transfer occurred on April 4, 2024, amounting to $949,062.42, followed by a second transfer on June 14, 2024, totaling $3,993,114.61. Both payments were intended for Gilbane Building Company, a construction management firm overseeing facility upgrades for the district, but were diverted to a third-party account. The district discovered the cyberattack on June 21, 2024, after Gilbane reported non-receipt of payments, revealing a 78-day gap between the initial breach and detection. Interim Superintendent Alexander Aschoff confirmed the district immediately notified the Proviso Township Treasurer’s Office, the FBI’s Chicago Field Division, relevant financial institutions, and their insurance provider upon discovery. A police report was filed with the Forest Park Police Department on June 24, listing Proviso Math and Science Academy as an involved entity.
Forensic review determined a single district account was compromised, with no evidence of broader system infiltration. Attackers created a fraudulent online account impersonating Gilbane Building Company to facilitate the transfers. By July 3, 2024, the Treasurer’s Office had recovered $3,062,637.75, leaving $1,879,539.28 unrecovered. The district implemented enhanced security protocols for wire transfers and technological systems to prevent recurrence, though specific technical measures were not disclosed. All recovery efforts remained ongoing through federal investigation and insurance coordination at the time of reporting. Financial impacts totaled $4,942,177.03 in diverted funds, with operational disruptions limited to financial operations related to Gilbane’s construction projects and student internship programs. No data theft or additional malicious activity beyond the wire fraud was confirmed.