To date, the City of Burlington has recovered $322,641.67 of a $503,026.66 fraudulent vendor payment made in May 2019. The recovery of monies comes as a result of a Superior Court of Justice action commenced by the City, and a claim made by the City to its insurer pursuant to its Cyber Crime Policy.

In May 2019, the City discovered it was a victim of fraud, due to a single transaction made to a falsified bank account. This was a result of a complex phishing email to City staff requesting to change banking information for an established City vendor. The transaction was in the form of an electronic transfer of funds made to the vendor in the amount of approximately $503,000 and was processed on May 16, 2019. 

Upon learning of the fraudulent payment, the City took immediate steps. The unauthorized payment was reported to the City's financial institution and the Halton Regional Police, and the City put additional internal controls in place to prevent this type of fraud from occurring in the future. Criminal investigations are also underway by the appropriate authorities.

A full review of the City's current processes has taken place. The City's IT system was not compromised during this incident; no personal information was stolen or shared.

To maintain the integrity of ongoing investigations, the City will not be commenting further at this time.

Quotes

Mayor Marianne Meed Ward:

"I know the public will welcome news that we've been reimbursed for a substantial amount of the funds stolen via fraud. The quick action of staff and the police has contributed to the recovery of these funds. I thank them for their efforts. There are additional avenues we are exploring to secure the remaining balance. We've also significantly increased our internal controls to ensure this never happens again."

Tim Commisso, City Manager:

"The City is committed to being open, accountable and transparent about the city's finances. Thank you to staff and law enforcement who have worked diligently to help recover these funds. The City has thoroughly reviewed the underlying cause of this event and implemented enhanced internal controls to mitigate against any recurrence of this type of fraud."