Nov. 6—The city of Moline paid
The city's liability insurance covers most of the loss, with the city responsible for
When asked in a Freedom of Information Act request for city emails and an insurance claim related to the theft, Moline's legal department responded with several reasons for keeping all information private. Returned were 187 pages of emails with nearly everything redacted except greetings, recipients, and signatures.
Vitas did not disclose the exact amount of money stolen when asked.
"The city of Moline maintains liability insurance policies that protect the city against ransomware attacks, wire fraud attacks and other forms of cyber-attacks," Vitas said. "On a good note, I can let you know that the city's liability in this matter is limited to between
"We got hacked a year ago. It was a lot of money," Potter said. "I can verify that last December, a wire transfer through the city of Moline in the neighborhood of over
"I wouldn't have had a problem with issuing a press release. I think that would have been appropriate."
Similar cyber hacks in Rock Island County and LeClaire were disclosed to the public.
Potter said the Moline theft was discovered when a longtime city vendor called to say they had not been paid. The vendor was confused since the city normally paid invoices right away.
"That's when the problem was discovered by the vendor," Potter said. "That's when we were alerted something was wrong."
'Taking legal avenues'
When the theft occurred in
Moyer confirmed the theft was discovered when a contractor called the city and said they had not been paid.
"We were told (the city) didn't want to discuss it because they were taking legal avenues," Moyer said. "We only heard about it again when the
"I remember there were a couple other big issues going on," Moyer said. "When we found out about (the theft), it was an email saying they were working on recovering it; they said there would be an investigation and they would let us know."
When asked why the public wasn't notified, Moyer said an email sent to city council members stated the matter "was confidential while they investigate. Our instructions were to let them do their job and they would get back to us."
Williams, Wendt and Waldron could not be reached for comment.
"There has been no intention to leave the public in the dark by this new administration," Rayapati said. "With new council and new staff, it's taken some time to get up to speed on this situation. Our staff has been handling the investigation and we're happy to be as transparent about situations such as these that impact the city."
In the city's response to the
"Both the city and the federal law enforcement agents participating in the investigation maintain that premature disclosure of these investigative communications would obstruct the ongoing criminal investigation conducted by the city by permitting the suspects, who have not yet been identified, to potentially evade law enforcement authorities and attempt to destroy or conceal relevant evidence regarding these criminal matters."
In his 18 years on council, Potter said this was the only financial theft "of this magnitude."
"Safeguards and new protocols were put in place to make sure it doesn't happen again," Potter said. "In all fairness to staff, this is not an uncommon thing anymore. It happens a lot; it's not an uncommon thing."
Potter defended Finance Director
"I was always supportive of staff," he said. "Luckily, we have all the right liability insurance to cover things like this."
An increasingly frequent problem
Cyberattacks, which come in several varieties, have been an increasingly frequent and expensive hazard governmental organizations must contend with.
According to the
"Really in the last decade, the focus has, I don't want to say shifted, it's included everybody, whether it's the individual at home, a small organization, up to the big guys, and the skill required to launch many of these attacks has come down," Rouse said.
Rouse recommended training, such as sending tests of fraudulent links that mirror a scam to teach employees to be skeptical, especially to requests for wire transfer and time sensitive requests. Verifying change requests by calling or meeting with the vendor can add an extra layer of security.
"Training is the No. 1 tool against that and having a regimented, continuous training process," Rouse said.
(c)2021 Quad City Times, Davenport, Iowa
Visit Quad City Times, Davenport, Iowa at http://www.qctimes.com
Distributed by Tribune Content Agency, LLC.