Aurora Uncovers the Mystery Behind the Cyber Attack

Key Takeaways

  • Aurora city officials confirmed a sophisticated cyber attack that generated fraudulent ACH payments from municipal accounts, discovered on April 30.
  • The city maintains that its internal systems were not compromised, but the exact monetary loss remains under investigation.
  • Law‑enforcement partners, including the Aurora Police Department and the FBI, are actively probing the incident; the city has recovered some funds and expects to retrieve the full amount, aided by cyber‑insurance coverage.
  • Aurora works with NuHarbor Security, Inc. for cyber‑security services and employs regular KnowBe4 training and phishing exercises for staff.
  • Due to the ongoing nature of the investigation, officials have limited the details they can release about personnel, departmental specifics, and investigative findings.

Overview of the Incident
The city of Aurora disclosed that it fell victim to a cyber attack that resulted in unauthorized, fraudulent payments being drawn from its bank accounts. According to Mayor John Laesch, the breach was identified on April 30, just one day after the illicit transactions occurred. While Laesch characterized the attack as “very sophisticated,” he emphasized that preliminary assessments indicate the city’s core internal networks were not penetrated. The nature of the compromise therefore appears to involve the misuse of legitimate payment credentials rather than a direct intrusion into Aurora’s IT infrastructure.

Discovery and Timeline
Aurora’s finance team detected the anomalous activity on the morning of April 30 and promptly alerted city leadership. The timing—discovery the day after the fraudulent ACH transfers—suggests that the attackers executed the transfers swiftly and then concealed their tracks, prompting an immediate internal review. Mayor Laesch noted that the city acted quickly to contain the exposure, although he refrained from disclosing any precise dollar figure at that stage, citing the ongoing investigative process.

Nature of the Fraudulent Payments
The illicit transfers were conducted via Automated Clearing House (ACH) transactions, a common electronic method for moving money between banks and credit unions. As outlined by the federal Consumer Financial Protection Bureau, ACH payments, which businesses often use for bill payments, typically require the originator to provide a bank account number and routing number. In Aurora’s case, attackers apparently obtained or fabricated the necessary banking details to divert city funds through this channel. The use of ACH underscores how cyber criminals can exploit trusted payment mechanisms without necessarily breaching deeper system defenses.

City’s Response and Recovery Efforts
Once the fraudulent payments were identified, Aurora implemented immediate mitigation steps to halt further unauthorized transfers and began a recovery process. A statement provided to The Beacon‑News indicated that the city remains optimistic about recovering the missing funds, noting that it carries insurance coverage for cyber‑related losses. Mayor Laesch later confirmed that some of the money has already been reclaimed, although he declined to specify the amount recovered thus far, reiterating that the city will continue working with law‑enforcement partners until “all of it or more of it” is retrieved.

Law Enforcement Involvement
The Aurora Police Department, in coordination with federal authorities, is treating the incident as an active criminal investigation. While the FBI confirmed its awareness of the situation, it declined to comment on whether it is conducting a formal probe, citing U.S. Department of Justice policy regarding ongoing investigations. A police spokesperson echoed the city’s stance, emphasizing that the active and ongoing nature of the case limits the amount of information that can be publicly shared at this time.

Statements from Officials
Mayor Laesch explained that the city has refrained from making the incident public until the investigation advances, to avoid compromising its integrity. In a formal statement, Aurora officials asserted that they are not commenting on specific departmental details, investigative findings, personnel matters, or other aspects of the ongoing process. They expressed gratitude for the cooperation of internal and external partners, underscoring a collaborative approach to resolving the breach.

Cybersecurity Measures and Partnerships
Aurora has contracted NuHarbor Security, Inc. to provide cyber‑security services, a relationship that was solidified toward the end of the previous year. Concurrently, the City Council approved the KnowBe4 cybersecurity training program for employees, aiming to bolster awareness of phishing and social‑engineering threats. According to Laesch, the city conducts regular internal training sessions and phishing exercises, which staff are required to complete. These preventative measures reflect Aurora’s commitment to strengthening its defensive posture despite the recent breach.

Limitations on Information Disclosure
Because the investigation remains active, both municipal and law‑enforcement representatives have placed strict limits on what can be disclosed. Officials have stated that they cannot reveal specifics about the exact financial loss, the identities of any potentially involved personnel, or the technical details of how the attackers obtained the ACH credentials. This cautious approach is intended to preserve evidentiary integrity and avoid tipping off any parties that might still be engaged in the fraudulent scheme.

Conclusion and Outlook
While the Aurora cyber attack has highlighted vulnerabilities in payment‑process controls, the city’s swift detection, coordinated response, and existing cyber‑insurance coverage provide a foundation for recovery. Ongoing collaboration with the Aurora Police Department, the FBI, and private security firms such as NuHarbor Security aims to trace the perpetrators, retrieve the misappropriated funds, and fortify defenses against future incidents. As the investigation progresses, additional details may emerge, but for now the city remains focused on resolving the case and reinforcing its cyber‑resilience posture.
