FBI explores $150,000 payroll hack at Wisconsin school

Such was the case of a computer hacker who on Nov. 23, last Friday, rerouted $150,000 from a payroll disbursement made by the K-12 Stanley-Boyd school district in Western Wisconsin to Madison’s Anchor Bank. The FBI is looking into the issue, which was at first thought to be a bank error. 

Jennifer Ranville, spokesperson at Anchor Bank, told the Chippewa Herald that there is however “no evidence that its systems were compromised.” It appears that the hackers managed to reroute the money in between it leaving school coffers and hitting employee bank accounts.

“Unfortunately, hackers appear to have accessed our direct deposit file,” said Superintendent Jim Jones, also speaking to the paper.

Ranville said that the district’s 150 employees were paid in full (the theft is covered by the school’s liability insurance) while the case is examined, and that the bank is working with school employees to start new accounts to ward off any possible identity theft.

“We are ... working with our impacted customers that are employees of the school district to close out their accounts and open new ones, since their account information may have been compromised,” she said. “No other AnchorBank customer accounts were impacted by this event.”

The good news is that a portion of the $150,000 has been recovered by Anchor Bank. “The bank has already retrieved a good portion of our money and is continuing to retrieve more,” Jones said.

And, meanwhile, the school district said that it would work to make its systems more secure. “Beyond the obvious changing of system passwords within the district, we have already worked with Anchor Bank to make our system of money transferring more secure on our end in the future,” Jones noted, adding that it may implement options for individual financial protection for school employees.

State and local targets have been creeping into headlines lately. Earlier in the month the South Carolina Department of Revenue was hit with a massive breach that compromised 3.6 million Social Security Numbers. Last year, the Texas Comptroller’s office inadvertently placed personal information of 3.5 million citizens on a publicly accessible computer server. Over the summer The University of North Florida said that that the names and social security numbers of 23,246 individuals became compromised by a data breach involving a server hosting housing contracts. State and local CIOs have long requested grants to beef up cybersecurity: an apparently increasing need.

What’s Hot on Infosecurity Magazine?