Exploit: Business Email Compromise
Chester Upland School District: Regional Education Authority
Risk to Business: 1.337 = Severe
A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.
Individual Impact:
No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.