The City of Eagle Mountain lost $1.13 million dollars in a cyberattack, according to a statement released Monday.

What has been described as an “organized cybercrime” took place on Aug. 15, when the perpetrator was able to impersonate a vendor working with the city on a major infrastructure project: WW Clyde, an Orem-based construction company.

“We were in email communication with the actual vendor when it appears that somebody, either through hacking or through some other means, was able to insert themselves inside of that email thread, posing as a representative of the vendor and using an email handle that looked quite similar to the vendor,” said Tyler Maffitt, spokesman for Eagle Mountain.

The money was then transacted to whom city employees believed to be a representative of WW Clyde through an automated clearing house, or ACH, transfer.

“Over the course of the next several days to two weeks through back and forth with the company, we discovered and determined on Aug. 31 that we were the victim of an organized cybercrime,” Maffitt said.

According to a statement released by the city, the FBI was contacted within minutes after it came to light that a crime had taken place.

According to the statement, those affected by the crime have been cooperating with investigators and will continue to do so until the case has reached its conclusion. No city or WW Clyde employees are under any suspicion of wrongdoing.

“The City wants to provide reassurance that no resident, client, or vendor information was compromised in any way as a result of this incident,” the statement reads.

Eagle Mountain had previously purchased an insurance policy to prepare for the possibility of cybercrime or attack and is currently working with that insurance company for loss reimbursement.

“Organizations of this size are often targeted for these sorts of scams, these sorts of cyber crimes with some regularity, and it’s unfortunate in this day and age that that happens, but it does happen,” Maffitt said. “Luckily, Eagle Mountain City preplanned for a possibility or eventuality such as this, and we have an insurance policy that is directly related to being victimized by cybercrime. … We are in talks with that insurance provider to have those funds returned to us.”

In the meantime, the city is working to bolster its financial policies in regard to ACH payments to protect against future cyber attacks.

“We are working with our insurance provider and with the Utah state government trust to strengthen our ACH transfer policies,” Maffitt said. “This will add layers of accountability and oversight, possible completing of phone calls to the vendor to confirm account information; it will also keep us honest in our processes and add that extra layer to the process to make sure this doesn’t happen in the future.”

Newsletter