School district scammed out of nearly $270,000 by someone posing as a vendor

A scammer stole nearly $270,000 from the Juneau School District this fall, city officials said during a Wednesday night meeting, and the funds are likely unrecoverable.

In a memo shared with the City and Borough of Juneau Finance Committee at its Wednesday night meeting, CBJ Finance Director Jeff Rogers detailed the fraud and information shared with him in early December by the district.

The memo outlined that a person posing as a vendor for the district asked district staff for a change to the company's direct deposit information using a "spoofed" email address made to look as though it belonged to the vendor. At the time, district staff did not detect the fraud and two separate payments were sent to the scammer, one in early October totaling more than $93,000 and the other in early November totalling nearly $176,000.

According to Superintendent Bridget Weiss, the fraud was an outside attack and wasn't from someone within the district.

"It's sad and unfortunate circumstances," Rogers said during the meeting.

Rogers said after the CBJ Finance staff were notified by the district of the fraud in early December, they immediately contacted the Juneau Police Department, CBJ Law Department, First National Bank of Alaska and the FBI. Currently, the case remains open with the FBI, however, Rogers noted frauds such as this are frequent and difficult to investigate.

In his memo, Rogers shared that since December he had been in regular contact with JSD staff about the importance of disclosing this financial crime to the public, however as of Wednesday, the district had not disclosed it.

In an interview with Empire, Rogers said the FBI gave clearance in December to both the district and CBJ to share this information with the public, stating the disclosure would not hinder the investigation.

"Sufficient time had passed without disclosure and it's important to disclose to the public," he told the Empire.

Weiss said the district was waiting for more information from the investigation to be shared with them before making the information public so as to not hamper any of the investigation.

"It's an ongoing investigation — this just happened in December," she told the Empire Thursday morning. "We're still getting some pieces of the puzzle as to what happened."

Weiss said the district does annual mandatory cybersecurity/attack training as a preventative measure for all district employees. In addition, the district sends out "spot checks" to test employees' ability to identify suspicious emails throughout the year.

She said the district is currently reviewing its protocol to better prepare staff for cyber fraud, however, she said the district would not share if any of its staff would be disciplined or any actions would be taken to an individual in response to the fraud at this time.

In his memo, Roger said the city is able to get involved financially to assist the district with the loss of funds.

He explained that the city has a risk fund for criminal events such as this and would be able to cover the money lost to the scam. The city itself recently used the fund in a similar situation that happened in 2019 when a scammer stole nearly $330,000 from the CBJ.

Rogers said if the district files a claim with CBJ Risk Management, the first $250,000 would be paid from the CBJ Risk Fund and the remaining portion of around $19,000 could be paid for by insurance coverage.

According to Rogers, the district has yet to file a claim with the CBJ Risk Manager, nor has it made a claim to the city's third-party insurers for the portion that may be covered.

Weiss said the school board plans to discuss the next steps regarding how to cover the funds at its upcoming meeting on March7 during its executive session. She said if action is taken by the board, it will be made public along with sharing any updates on the criminal aspect of the investigation.

"I think we're happy to have caught it when we did," she said. "I think the fact that we caught it quickly and that we do preventative training to minimize the risk, in the scheme of potential hazards, given our $94 million budget, we feel fortunate that it wasn't worse and that the financial impact wasn't worse."

Contact reporter Clarise Larson at [email protected] or (651)-528-1807. Follow her on Twitter at @clariselarson.