Chester Upland schools lost millions to email hacking scheme


(TNS) – International thieves embezzled $13 million in state aid from the Chester Upland School District last year in a complex plot involving hacked emails, cryptocurrency and fake romance e -Harmony with a Florida widow, officials said Friday.

Following a “long and complex investigation”, Pennsylvania State Treasurer Stacy Garrity and Delaware County District Attorney Jack Stollsteimer said approximately $10.3 million in the missing state grant money had been recovered and returned to the school district.

The Chester Upland School District says millions of dollars are missing. The DA has launched an investigation.

But about $3 million was laundered in cryptocurrency and remains missing, with the thieves responsible being investigated by federal authorities, according to Stollsteimer. No charges were filed and Stollsteimer declined to answer questions about the ongoing federal investigation and the identities of the hackers.

“The people who shouldn’t be victimized here are students in the Chester Upland school district, one of the poorest districts in Pennsylvania,” Stollsteimer said. “We have to convince the Commonwealth and the Department of Education to make them whole.”

The Chester Upland School District — home to about 7,200 public school students, including those attending charters — has been in financial receivership by the state since 2012.

The scheme unfolded in two parts, detectives from the Delaware County Criminal Investigation Division found. First, hackers with ties to Nigeria compromised the school district’s email systems, hacking into and taking control of an employee’s account.

Stollsteimer declined to comment specifically on how the hackers gained access to the school employee’s email account, citing the active federal fraud investigation. There was no evidence that a school district employee was involved in the scheme, he said.

Using the compromised email account, the hackers were able to send legitimate-looking emails to the state comptroller’s office, requesting a change in the bank account from which payments to the Department of Education district of Pennsylvania are filed.

Between December 2020 and February 2021, 25 payments were diverted to the hackers’ account, according to Garrity.

In the second part of the scam, officials said, the thieves attacked a recently widowed Florida woman via a fake e-Harmony online dating profile. They persuaded the woman, who had banking experience, to act as a “money mule”, transferring the stolen funds through bank accounts and eventually into cryptocurrency.

“Thanks to the swift action of the Treasurer’s Office, this audacious attempt to rob Chester schoolchildren and Commonwealth taxpayers has been thwarted,” Stollsteimer said. “The scale and complexity of the scheme, however, is alarming and reminds us all of the importance of protecting our technology, as well as the dangers of conducting financial transactions with – or on behalf of – people unknown to you.”

Had the thieves succeeded, Stollsheimer said, the district likely would have struggled to pay its teachers last year.

The Delaware County District Attorney’s Office began its investigation into the missing funds in February 2021, after the receiver’s office overseeing Chester Upland’s finances contacted law enforcement to report that it had no not received millions of dollars in grant payments owed by the Pennsylvania Department of Education.

At the same time, the state treasurer’s office received an alert that an $8.5 million payment request from the Department of Education had been flagged as potentially fraudulent.

The Treasury worked quickly to identify and recall the misdirected funds, officials said Friday, recovering $10.3 million.

But the district is still waiting just over $3 million in missing money, said Nafis J. Nichols, who was appointed receiver in August 2021 — several months after the hack. Chester Upland is in talks with his insurance company and the state Department of Education for help in recovering the extra funds, he said.

He called the stolen money “very detrimental to the finances of the district because we are already a financially troubled district.” In order to stay afloat, Nichols said, the district has had to make “many, many adjustments” to its budget, while building improvements in the district have largely been shelved.

Attacks involving the use of emails to scam school staff have increased over the past six years, according to a report by K12 Security Information Exchange, a national nonprofit organization that analyzes cybersecurity threats to schools. .

After the hack, Nichols said, Chester Upland implemented “lots of different measures” to ensure more cybersecurity, including two-step email login, frequent password change requirements and training. of the IT team to prevent potential future attacks.

The state has also beefed up its security by adding a fraud prevention verification tool as well as a system designed to flag suspicious transactions, officials said. All agencies, boards or commissions receiving payments from the Treasury will be required to use approved fraud prevention providers for their money transfers, officials said.

A Pennsylvania Department of Education spokesperson said the hack “did not involve any compromise of PDE systems or data,” but declined to comment further.

Although Chester Upland’s former financial recovery plan involved plans to turn over some or all of its schools to charter management companies, Nichols said that is no longer the case. The receiver’s office is creating a new financial recovery plan, he said, although details are still under wraps.

Emphasizing consistent district leadership and the goal of improving not only the district’s financial position but also its educational rigor, Nichols said his goal is “to work very aggressively over the next three years to get us to the finish line”.

©2022 The Philadelphia Inquirer. Distributed by Tribune Content Agency, LLC.


About Author

Comments are closed.