The city of Portland is out $1.4 million after a person or group outside the city used a government email account to commit a fraudulent financial transaction, officials said Friday.
The costly cybersecurity breach occurred in late April but was only discovered weeks later on May 17 when the city flagged a second transaction attempt from the same account, according to a news release issued by the Office of Management and Finance.
“Preliminary evidence indicates that an unauthorized, outside entity gained access to a city of Portland email account to conduct this illegal activity,” spokesperson Carrie Belding said in an email.
The news release did not disclose what bureau or office the email account belonged to or how it could be used to draw down substantial sums of money from city coffers.
Upon learning of the breach, the city said it immediately launched an investigation and notified the Portland Police Bureau, FBI and U.S. Secret Service.
City officials said Friday they would release no additional information in order “to protect the security and integrity of the investigation.”