Cyber Incident Victim: Five Flags Center

In late June 2022, unidentified hackers executed a cyber attack against Dubuque’s Five Flags Center, resulting in the theft of $300,000 from the venue’s MidWestOne Bank account. The attackers successfully transferred the stolen funds to an overseas account in Hong Kong. The financial breach was discovered by the Five Flags Center and its banking partner, though the exact method of intrusion and timeline of detection were not publicly disclosed. This incident occurred amid heightened cybersecurity concerns in the region, coinciding with a separate cyber attack that disrupted Cedar Rapids School District operations during the same general timeframe. The theft created immediate operational and financial uncertainty for the events center, with General Manager H.R. Cook later describing the situation as "very stressful" over the subsequent month. No additional compromises of customer data or other systems were reported in connection with the breach.

MidWestOne Bank and Five Flags Center promptly engaged federal law enforcement, including the FBI, to investigate the attack’s origin and trace the stolen funds. Through collaborative efforts between the bank, the venue’s parent company ASM Global’s Security and Information Technology departments, and federal agents, authorities successfully intercepted the financial transfer and recovered the entire $300,000 sum. The recovery process concluded by early August 2022, with all funds being returned to Five Flags Center. Cook publicly acknowledged the successful resolution, crediting the coordinated response from banking, corporate security, and law enforcement entities. The incident underscored the vulnerability of organizations to cyber threats despite unspecified existing precautions, with Cook emphasizing that such attacks "can happen to anyone." No arrests or attribution details regarding the perpetrators were released following the investigation.