PORTLAND, Ore. — In a single breach of cybersecurity last month, the city of Portland says it lost about $1.4 million to a fraudulent transaction that was not noticed until weeks later.
The transaction happened in late April, transferring city funds to an outside account. Staff didn't realize what had happened until the same account made a second attempt to access funds on May 17.
"Preliminary evidence indicates that an unauthorized, outside entity gained access to a city of Portland email account to conduct this illegal activity," said Carrie Belding, public information officer for Portland's Office of Management and Finance, in a statement issued Friday.
Portland officials formed a cyber incident response team to investigate the fraudulent transactions, Belding said, working to find the extent of the breach and make sure that there would be technology and policies in place to prevent a similar threat in the future.
Belding said that Portland also notified the FBI, the U.S. Secret Service and the Portland Police Bureau.
"The city is taking action to hold accountable whoever is responsible for this fraudulent activity," Belding continued. "City officials will work closely with law enforcement, in addition to completing the internal investigation and taking any immediate actions identified to strengthen security."
The city of Portland said that it would not release any further details about the breach for the time being to ensure the integrity of the investigation.
While the city did not specify which funds were accessed and under what pretenses, funding made available during the COVID-19 pandemic has became a vector for unprecedented levels of fraud across the U.S. The Secret Service estimated in December that nearly $100 billion in pandemic relief funds had been stolen through various forms of fraud.
In late April, a former employee of the Oregon Health Authority was charged with embezzling nearly $1.5 million in federal funds. Meanwhile, the state of Oregon has sued an Illinois-based company that purported to offer pop-up COVID testing sites, alleging that the owners pocketed millions for themselves.