Chester Upland School District lost $3 million in a hacking scheme last year, officials announced Friday
Chester Upland schools victim of hacking scheme to the tune of $3 million
Great save: More than $10 million pulled back by Pa. Treasury officials before a transfer.
Delaware County District Attorney Jack Stollsteimer with Deputy DA Doug Rhoads and Pennsylvania Treasury Secretary Stacy Garrity talk about the hacking scam that cost Chester Upland School District about $3 million, and nearly a lot more. (ALEX ROSE - DAILY TIMES)
Delaware County District Attorney Jack Stollsteimer with Deputy DA Doug Rhoads and Pennsylvania Treasury Secretary Stacy Garrity talk about the hacking scam that cost Chester Upland School District about $3 million, and nearly a lot more. (ALEX ROSE – DAILY TIMES)
By ALEX ROSE | [email protected] | The Delaware County Daily Times
PUBLISHED: August 26, 2022 at 12:06 p.m. | UPDATED: August 26, 2022 at 10:26 p.m.
MEDIA — Delaware County District Attorney Jack Stollsteimer announced Friday that an international thief or thieves stole approximately $3 million from the Chester Upland School District last year using a Florida woman as a “money mule,” but said it might have been much worse if not for the intervention of officials with the Department of Treasury.
“Thanks to quick action by the (Pennsylvania) treasurer’s office, this audacious attempt to steal from the schoolchildren of Chester and the taxpayers of the commonwealth was thwarted,” said Stollsteimer. “The scope and complexity of the scheme are, however, alarming and remind us all of the importance of keeping our technology protected, as well as the perils of conducting financial transactions with — or on behalf of — individuals unknown to you.”
Thieves attempted to steal a total of $13.3 million from the district, but were thwarted when a single $8.5 million payment request sent up red flags and allowed Treasury to claw back $10.3 million before it could be washed through multiple banks and sent overseas, Stollsteimer said.
Had that gone through, teachers may not have been paid, he added.
Change of address
Stollsteimer said Detective Edward Silberstein and Detective Sgt. Joseph Hackett from the Delaware County Criminal Investigation Division found the district had been the victim of a complex, two-part scheme to misdirect state education funds over the course of about three months.
Chester Upland was the victim of a hacking event sometime in December 2020, according to Stollsteimer, when a person associated with Nigeria was able to get access to the district email system and create a “mirror” account of an employee email address.
The hacker used an official-looking email to request funds from the Pennsylvania Department of Education that are paid out over the year to school districts from state coffers, he said.
Stollsteimer said the hacker sent an email to the state asking to change the receiving bank account from one controlled by the district to one under the hacker’s control.
Treasury Secretary Stacy Garrity said a person at the Office of the Comptroller did call a number listed for the “district employee” in that email, but investigators believe that call was actually placed to the hacker, who confirmed the change.
Deputy District Attorney Doug Rhoads said that the phone number was different than the one listed in prior emails from the employee’s actual email address.
Stacy Gerrity, Pennsylvania Secretary of the Treasury. (ALEX ROSE - DAILY TIMES)
Stacy Garrity, Pennsylvania secretary of the Treasury Department. (ALEX ROSE – DAILY TIMES)
A fine romance
Stollsteimer stressed that no evidence at this point shows that anyone from CUSD was actually involved in the scheme, which routed money through a Florida woman before the funds were sent overseas.
He said the woman, a recent widow, was herself the victim of a romance scam.
Rhoads said the woman met a person through the dating website EHarmony who posed as a love interest. That woman was convinced to move millions of dollars to overseas accounts through bank transfers and the purchase of cryptocurrency, Stollsteimer said.
“She believed that she was helping someone that she was falling in love with, but that she had never met,” the DA said. “She was the conduit for moving that money. Some of that money was moved into online banking accounts where it was turned quickly into cryptocurrency and sent overseas.”
Red flags
The scheme unraveled in February 2021 when Treasury received a request for a lump $8.5 million payment to the district from PDE. Garrity said the requested amount was so large that it was flagged to ensure the bank account hadn’t been changed.
Officials in her office found the bank account was the same as recent prior transactions, but went back in time anyway just to be sure and discovered the change from December, Garrity said.
There had been approximately 25 distributions to the phony account by then, said Stollsteimer, many of them in much smaller amounts.
“We put a hold on it. We clawed it back, and then we started going in and just immediately clawing back anything that was out there,” Garrity said.
Garrity noted that was a Friday afternoon. Had her office waited until Monday morning to follow through, that money might have been gone.
Trying to recoup
Former Chester Upland Receiver Juan Baughn said last year that district administration alerted Stollsteimer’s office about funding issues after the district did not receive payments, but Garrity said investigators in her office were already on the issue by that point.
Current Receiver Nafis Nichols said in a statement that the district was pleased that more than $10 million of the funds had been intercepted before they could get into the hands of the hackers, and is hopeful that the $3 million stolen will also be reimbursed to Chester Upland.
“Our district faces significant economic challenges, and we are doing our best to allocate as much money as possible to our classrooms and to providing adequate and appropriate staffing,” he said. “An additional $3 million can make a significant difference for our students. We are also exploring our options with our insurance carrier.”
Nichols noted that the district fully cooperated with the investigation and has since beefed up cybersecurity measures. He hopes that “through the proper channels, the students of Chester-Upland can be made whole.”
Stollsteimer also said the children of the Chester Upland School District, one of the poorest in the commonwealth, should not be victims of the scheme and the district needs answers on that money now, as the new school year starts Monday.
“Gov. (Tom) Wolf was in Delaware County yesterday talking about the record amounts of education funding coming to school districts,” said Stollsteimer. “Chester Upland should not be victimized this way. We need the commonwealth and we need the insurance carrier to give a coherent, declarative statement to the school district and receiver of Chester Upland that these children are not going to be victimized because of what happened through this scheme. …They need to know and have confidence in what their budget is going to be for this upcoming school year. Three million dollars is an impactful amount of money, and I think the insurance carrier and PDE ought to be giving them straight answers about whether that money is going to be paid up.”
A spokesperson for Wolf said questions regarding the district’s options should be directed to Chester Upland.
Ever vigilant
Stollsteimer said cybercrime is on the rise, noting that even Delaware County paid a $500,000 ransom last year after hackers disrupted systems and demanded cash to free up police reports, payroll, purchasing and other databases.
The county has since invested about $2.4 million to upgrade its security system and make other Information Technology improvements.
Garrity said her office alone fights off approximately 7.5 million cyberattacks a month, or 240,000 a day.
She noted the accounts payable division of the governor’s office was in the process of implementing a new fraud protection mechanism called Account Verification System while this scheme was ongoing.
She said AVS, which was implemented at Treasury in the spring of 2021, almost instantaneously ensures payment information matches with banking information and said none of the fraudulent payments would have gone through if it was in place at the time.
Stollsteimer said the case is now in the hands of federal investigators. No one has been charged yet, but he urged citizens across the commonwealth to be ever vigilant of phishing schemes in their inboxes and to never download or click on anything linked in emails from people they do not know.
Stollsteimer and Garrity also urged anyone who believes they may be the victim of a “romance scam” or other cybercrime to immediately report the suspected fraudulent activity to their banking institution and the Federal Bureau of Investigation, either at the local field office or online at ic3.gov.
The faster an alleged fraud is reported, the better chance victims have of getting back transferred funds, as in this case.
“My highest priority is serving as a fiscal watchdog to protect taxpayer funds,” Garrity said. “This incident should serve as a reminder to everyone — government agencies, businesses, nonprofits, and ordinary citizens — to always be on the alert for cybercriminals and fraudsters.”
Great save: More than $10 million pulled back by Pa. Treasury officials before a transfer.
Delaware County District Attorney Jack Stollsteimer with Deputy DA Doug Rhoads and Pennsylvania Treasury Secretary Stacy Garrity talk about the hacking scam that cost Chester Upland School District about $3 million, and nearly a lot more. (ALEX ROSE - DAILY TIMES)
Delaware County District Attorney Jack Stollsteimer with Deputy DA Doug Rhoads and Pennsylvania Treasury Secretary Stacy Garrity talk about the hacking scam that cost Chester Upland School District about $3 million, and nearly a lot more. (ALEX ROSE – DAILY TIMES)
By ALEX ROSE | [email protected] | The Delaware County Daily Times
PUBLISHED: August 26, 2022 at 12:06 p.m. | UPDATED: August 26, 2022 at 10:26 p.m.
MEDIA — Delaware County District Attorney Jack Stollsteimer announced Friday that an international thief or thieves stole approximately $3 million from the Chester Upland School District last year using a Florida woman as a “money mule,” but said it might have been much worse if not for the intervention of officials with the Department of Treasury.
“Thanks to quick action by the (Pennsylvania) treasurer’s office, this audacious attempt to steal from the schoolchildren of Chester and the taxpayers of the commonwealth was thwarted,” said Stollsteimer. “The scope and complexity of the scheme are, however, alarming and remind us all of the importance of keeping our technology protected, as well as the perils of conducting financial transactions with — or on behalf of — individuals unknown to you.”
Thieves attempted to steal a total of $13.3 million from the district, but were thwarted when a single $8.5 million payment request sent up red flags and allowed Treasury to claw back $10.3 million before it could be washed through multiple banks and sent overseas, Stollsteimer said.
Had that gone through, teachers may not have been paid, he added.
Change of address
Stollsteimer said Detective Edward Silberstein and Detective Sgt. Joseph Hackett from the Delaware County Criminal Investigation Division found the district had been the victim of a complex, two-part scheme to misdirect state education funds over the course of about three months.
Chester Upland was the victim of a hacking event sometime in December 2020, according to Stollsteimer, when a person associated with Nigeria was able to get access to the district email system and create a “mirror” account of an employee email address.
The hacker used an official-looking email to request funds from the Pennsylvania Department of Education that are paid out over the year to school districts from state coffers, he said.
Stollsteimer said the hacker sent an email to the state asking to change the receiving bank account from one controlled by the district to one under the hacker’s control.
Treasury Secretary Stacy Garrity said a person at the Office of the Comptroller did call a number listed for the “district employee” in that email, but investigators believe that call was actually placed to the hacker, who confirmed the change.
Deputy District Attorney Doug Rhoads said that the phone number was different than the one listed in prior emails from the employee’s actual email address.
Stacy Gerrity, Pennsylvania Secretary of the Treasury. (ALEX ROSE - DAILY TIMES)
Stacy Garrity, Pennsylvania secretary of the Treasury Department. (ALEX ROSE – DAILY TIMES)
A fine romance
Stollsteimer stressed that no evidence at this point shows that anyone from CUSD was actually involved in the scheme, which routed money through a Florida woman before the funds were sent overseas.
He said the woman, a recent widow, was herself the victim of a romance scam.
Rhoads said the woman met a person through the dating website EHarmony who posed as a love interest. That woman was convinced to move millions of dollars to overseas accounts through bank transfers and the purchase of cryptocurrency, Stollsteimer said.
“She believed that she was helping someone that she was falling in love with, but that she had never met,” the DA said. “She was the conduit for moving that money. Some of that money was moved into online banking accounts where it was turned quickly into cryptocurrency and sent overseas.”
Red flags
The scheme unraveled in February 2021 when Treasury received a request for a lump $8.5 million payment to the district from PDE. Garrity said the requested amount was so large that it was flagged to ensure the bank account hadn’t been changed.
Officials in her office found the bank account was the same as recent prior transactions, but went back in time anyway just to be sure and discovered the change from December, Garrity said.
There had been approximately 25 distributions to the phony account by then, said Stollsteimer, many of them in much smaller amounts.
“We put a hold on it. We clawed it back, and then we started going in and just immediately clawing back anything that was out there,” Garrity said.
Garrity noted that was a Friday afternoon. Had her office waited until Monday morning to follow through, that money might have been gone.
Trying to recoup
Former Chester Upland Receiver Juan Baughn said last year that district administration alerted Stollsteimer’s office about funding issues after the district did not receive payments, but Garrity said investigators in her office were already on the issue by that point.
Current Receiver Nafis Nichols said in a statement that the district was pleased that more than $10 million of the funds had been intercepted before they could get into the hands of the hackers, and is hopeful that the $3 million stolen will also be reimbursed to Chester Upland.
“Our district faces significant economic challenges, and we are doing our best to allocate as much money as possible to our classrooms and to providing adequate and appropriate staffing,” he said. “An additional $3 million can make a significant difference for our students. We are also exploring our options with our insurance carrier.”
Nichols noted that the district fully cooperated with the investigation and has since beefed up cybersecurity measures. He hopes that “through the proper channels, the students of Chester-Upland can be made whole.”
Stollsteimer also said the children of the Chester Upland School District, one of the poorest in the commonwealth, should not be victims of the scheme and the district needs answers on that money now, as the new school year starts Monday.
“Gov. (Tom) Wolf was in Delaware County yesterday talking about the record amounts of education funding coming to school districts,” said Stollsteimer. “Chester Upland should not be victimized this way. We need the commonwealth and we need the insurance carrier to give a coherent, declarative statement to the school district and receiver of Chester Upland that these children are not going to be victimized because of what happened through this scheme. …They need to know and have confidence in what their budget is going to be for this upcoming school year. Three million dollars is an impactful amount of money, and I think the insurance carrier and PDE ought to be giving them straight answers about whether that money is going to be paid up.”
A spokesperson for Wolf said questions regarding the district’s options should be directed to Chester Upland.
Ever vigilant
Stollsteimer said cybercrime is on the rise, noting that even Delaware County paid a $500,000 ransom last year after hackers disrupted systems and demanded cash to free up police reports, payroll, purchasing and other databases.
The county has since invested about $2.4 million to upgrade its security system and make other Information Technology improvements.
Garrity said her office alone fights off approximately 7.5 million cyberattacks a month, or 240,000 a day.
She noted the accounts payable division of the governor’s office was in the process of implementing a new fraud protection mechanism called Account Verification System while this scheme was ongoing.
She said AVS, which was implemented at Treasury in the spring of 2021, almost instantaneously ensures payment information matches with banking information and said none of the fraudulent payments would have gone through if it was in place at the time.
Stollsteimer said the case is now in the hands of federal investigators. No one has been charged yet, but he urged citizens across the commonwealth to be ever vigilant of phishing schemes in their inboxes and to never download or click on anything linked in emails from people they do not know.
Stollsteimer and Garrity also urged anyone who believes they may be the victim of a “romance scam” or other cybercrime to immediately report the suspected fraudulent activity to their banking institution and the Federal Bureau of Investigation, either at the local field office or online at ic3.gov.
The faster an alleged fraud is reported, the better chance victims have of getting back transferred funds, as in this case.
“My highest priority is serving as a fiscal watchdog to protect taxpayer funds,” Garrity said. “This incident should serve as a reminder to everyone — government agencies, businesses, nonprofits, and ordinary citizens — to always be on the alert for cybercriminals and fraudsters.”
