October 8, 2020
To: Town of Franklin Residents
From: Jamie Hellen, Town Administrator
The Town of Franklin is cautioning all residents and employees to be mindful of the sharp increase in malicious cyber fraud and email phishing attempts. The Town of Franklin is announcing today that it has itself been the victim of a recent “spear-phishing” attack. A payment of $522,000 was misdirected to a third party.
The matter has been turned over to the Franklin Police Department who are working with state and federal authorities, for a complete criminal investigation. In addition, the Town has retained as special counsel in connection with this matter an attorney to coordinate and work with the authorities on this matter. Attorneys for the Town have requested there be no further comment on the investigation until the appropriate time when all of the facts have been gathered and the Franklin Police Department has completed its investigation.
I have been reassured that Franklin’s electronic data is secure. There is currently no evidence of a breach of our systems. All personal information, accounts and town software systems have been found not to be compromised. The incident was not a ransomware attack.
I also wish to note that this incident has not affected the Town’s general fund. It occurred in connection with a non-general fund account. The Town is implementing new procedures and protocols to limit future incidents of this type and urges all to guard against increased fraud.
For further resources and information on cyber-crime, threats and spear-phishing, please visit the Federal Bureau of Investigation’s (FBI) cyber-crime website here:
https://www.fbi.gov/investigate/cyber
--------------
Shared via ToF Twitter account https://twitter.com/TOFranklinMA/status/1314341421135147013 which contained the following PDF https://www.franklinma.gov/sites/g/files/vyhlif591/f/uploads/2020-10-08_spear_phishing_attack_announcement_.pdf
No a good look for Franklin especially coming off the primary problem.
ReplyDeleteKen Norman
Totally unrelated but bad news is just that, bad
ReplyDeleteDoesn't the town have up to date cybersecurity measures and training in place for its employees? There is literally no reason this should have happened.
ReplyDeletethey do regular training, and they do have processes in place. In the cyber world unfortunately, the nefarious folks are usually a step ahead.
DeleteWhat difference does it make if it's a general fund or non general fund account. The money is just as gone.
ReplyDeleteit still may be recovered... and if not, covered by the insurance policy... so not all is lost. Do need to tighten controls for sure..
Delete