Content
Skip to Main ContentAccessibility Help
Hamilton

Burlington, Ont., recovers most of $500K lost in 2019 phishing scam

An employee responded to what turned out to be a phishing email to change banking information for an existing vendor, and sent $503,026.66 to a falsified bank account. The city has been trying to get the money back ever since.

Mayor says city has improved security since and recovered 84 per cent of money

Justin Chandler · CBC News ·
Portrait of Burlington Mayor Marianne Meed Ward.
Burlington Mayor Marianne Meed Ward said city staff acted quickly to minimize the impact of a phishing scam. (Michael Charles Cole/CBC)

The city of Burlington, Ont., has recovered most of the roughly $500,000 it lost in a 2019 scam and has since upped its security game, says Mayor Marianne Meed Ward.

"They say, 'It's not if it's going to happen to you, but when,'" Meed Ward said in an interview last week. "We've already had our when, we got our money back, and we've made steps to make sure that this will never happen to us again."

As CBC Hamilton previously reported, the fraud occurred in May 2019, when a city worker responded to what turned out to be a phishing email to change banking information for an existing vendor, and sent $503,026.66 to a falsified bank account. 

Meed Ward said that's a significant amount, representing about a 0.25 per cent property tax increase. And she said she worried Burlington wouldn't ever get the money back. 

"When this first happened to us, we were told the odds of finding out who it was and recovering the money [were low] because it moves very quickly between accounts. But our staff acted really quickly as soon as they realized the mistake."

'A successful resolution,' staff say

The city has been attempting to get back the money in the years since.

Last month, it recovered $100,000 of the lost money, following criminal court proceedings against one person connected with the fraud, according to a Dec. 6 report to the city's audit committee from Justyna Boroch Hidalgo in Burlington's legal department. The money was paid back to city as part of a plea negotiation.  

The city also negotiated with its insurer to claim $250,000 under the insurer's cyber crime policy, said the report. It recovered over $72,000 through civil litigation as well.

That brings the total recovered to over $422,000 — about 84 per cent. 

"At this time staff are of the view that the maximum amount of recovery has been achieved with all viable options for recovery fully explored and exhausted," the report said. 

"Given the complexity of this matter, [84 per cent] is a relatively high rate of recovery and a successful resolution for the city." 

Meed Ward said Burlington has improved its cyber security practices and training since the incident, ensuring employees know how to recognize phishing, and automatically screening incoming emails.

This year, Ontario institutions including libraries and hospitals have been the targets of cyber attacks.

"Every organization is a target. If you have money and if you have a database of names, then you are a target," Meed Ward said. "It's really as simple as that."

ABOUT THE AUTHOR

Justin Chandler

Reporter

Justin Chandler is a CBC News reporter in Hamilton. He has a special interest in how public policy affects people, and he loves a quirky human-interest story. Justin covered current affairs in Hamilton and Niagara for TVO, and has worked on a variety of CBC teams and programs, including As It Happens, Day 6 and CBC Music. He co-hosted Radio Free Krypton on Met Radio. You can email story ideas to justin.chandler(at)cbc(dot)ca.

CBC's Journalistic Standards and Practices|About CBC News
Corrections and clarifications|Submit a news tip|