Municipality’s Costly Cyber Fraud Case Remains Unsolved

by: Chris Kitching

Winnipeg Free Press

Lawyers representing a Manitoba municipality, which lost nearly $425,000 in a “cyber attack,” have taken the unusual step of placing a newspaper ad to quash any speculation about the theft.

The huge sum was siphoned from the Rural Municipality of WestLake-Gladstone’s account with Portage la Prairie-based Stride Credit Union in a series of electronic withdrawals in December 2019 and January 2020.

Law firm DD West LLP, which is representing the RM in a pair of lawsuits, took out an advertisement in Thursday’s Graphic Leader, a Portage-area weekly newspaper, to warn residents against making inappropriate claims or comments.

“We can advise the residents and ratepayers of WestLake-Gladstone that there is no evidence the chief administrative officer took or misappropriated the funds or was involved in any manner whatsoever with respect to taking the funds,” wrote the law firm, which has a Winnipeg office.

The CAO, who discovered money was missing from the account Jan. 6, 2020, handled the situation “appropriately” and followed proper procedures, the ad states.

“We remind individuals to refrain from any slanderous or libel allegations and request everyone refrain from making unacceptable remarks about or towards the CAO,” according to the notice. “Cyber crime is rampant and, unfortunately, the municipality and Stride Credit Union have been victims of it.”

In October 2020, after the RM publicly disclosed the fraud, WestLake-Gladstone CAO Coralie Smith told the Brandon Sun she discovered the “cyber attack” when she went to print monthly bank statements.

She said the RM didn’t know how the money was withdrawn or who took it.

Previously, the RM said the money was sent to Toronto and then out of Canada.

The case remains unsolved, with the RCMP investigation being stymied.

“The fraud included converting money to Bitcoin, making it very difficult to trace it to the end user,” RCMP spokeswoman Cpl. Julie Courchaine wrote in an email Thursday to the Free Press. “The suspect(s) remain outstanding.

“The file has been concluded unless further evidence should become available.”

The RM — based in Gladstone, about 125 kilometres northwest of Winnipeg — is suing Stride as it attempts to recover $422,776.84. It is also seeking damages and costs.

A separate lawsuit was filed against insurance companies Western Financial Group Inc. and Travelers Indemnity Co.

In a statement of claim against Stride, the RM said $472,377.15 was stolen via 48 unauthorized electronic withdrawals over a 17-day period before, during and after the Christmas holidays.

Five transfers totalling almost $50,000 were intercepted and returned to the RM, according to the statement of claim against the insurance companies.

When it disclosed the “cybersecurity breach,” the RM said its CAO immediately alerted Stride, the RCMP and WestLake-Gladstone’s council to report the theft.

The RM said it asked Stride to replace the funds, and it filed an insurance claim, which was denied.

WestLake-Gladstone used surplus funds to balance its financial plans for the year, the newspaper ad states.

Computer security experts were used to try to find out how the bank account was accessed, follow the trail of online transactions, and recover the money.

Stride previously said it was working closely with the RM, its IT specialists and the RCMP to help determine how the funds were withdrawn.

The credit union said it constantly monitored its online banking system to prevent cyber fraud.

Two cybersecurity experts told the Free Press hackers try to exploit Canadian municipalities and companies using a variety of schemes.

One of the most common tactics is “spear phishing,” which targets specific people or organizations in an attempt to steal credentials or financial details.

Mathieu Manaigre, president of Winnipeg-based Avenir IT, said there has been a “massive increase” in the malicious scheme.

Financial losses may not be covered if a bank account is hacked, he said, noting cyber fraud tends to spike at Christmas because some accounts aren’t being monitored.

Toronto-based cybersecurity and tech analyst Ritesh Kotak said stolen funds are usually wired to an account, converted to cryptocurrency and distributed to digital wallets.

“Each step has a level of anonymity and complexity to it,” he said.

FREE Guide

Complete this form to download our FREE ebook: How to hire an Honest, Competent, Responsive and Fairly Priced IT Provider

Let's get started!