Cyber Incident Victim: Town of Saugerties
Date:
Jun 2022
Location:
United States of America
Summary
A municipal employee in Saugerties fell victim to a cyber fraud scheme involving the diversion of their paychecks to an unauthorized bank account over nine weeks before detection. Fraudulent instructions were submitted to the town's human resources department to alter direct deposit details, resulting in over $7,000 stolen, though partial recovery restored two weeks' pay. The employee received full reimbursement while authorities investigated the incident, prompting plans to strengthen financial transaction protocols to address evolving cyber threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2022, the Town of Saugerties, New York, discovered a cyber fraud incident involving the diversion of an employee’s paycheck deposits. The scheme lasted approximately nine weeks before detection, during which fraudulent instructions were sent to the town’s human resources office to reroute the employee’s direct deposit information to an unauthorized bank account. This resulted in the theft of over $7,000 from the employee’s wages. Town Supervisor Fred Costello confirmed the incident, noting that the fraud was identified through internal processes, though specific detection methods were not disclosed. The employee’s full pay was restored following the discovery, with approximately two weeks’ worth of stolen funds successfully recovered. The incident did not affect other employees or town financial systems beyond this single case.
Authorities launched a police investigation to determine the source of the fraudulent instructions, which exploited existing payroll protocols. Costello emphasized that the town’s safeguards were insufficient to prevent this evolving threat, though no technical vulnerabilities or attacker methodologies were detailed publicly. Immediate corrective actions included restoring the employee’s compensation and recovering a portion of the lost funds. The town pledged to review and strengthen its financial authorization procedures to prevent similar incidents, focusing on enhanced verification measures for payroll changes. No further financial losses or operational disruptions beyond the initial theft were reported.