Philadelphia’s School District strengthened security after two cyber scams in March 2024 led to nearly $700,000 in fraudulent payments, officials said Thursday. (Credit: The School District of Philadelphia)
After two cyber fraud incidents in March 2024 involving nearly $700,000 in misdirected payments, the School District of Philadelphia implemented new safeguards to better detect and report suspicious activity, according to a Thursday statement.
Monique Braxton, the District’s Deputy Chief of Communications, said several measures have been implemented to combat cyber fraud, including revised bank confirmation and payment validation processes, along with added internal rules and monitoring.
The first incident involved an external district contractor whose email was hacked by an unauthorized third party. The outside actor posed as the district’s contractor and requested payments of $563 thousand.
Once discovered, the fraud was reported to the Federal Bureau of Investigation and the District's Office of Inspector General for investigation.
Later that month, a second incident was reported where another external vendor from a known email address requested that the district change its payment method for the $126 thousand payment owed to the vendor. After the payment was sent, the vendor reported to the district that it had not received the listed amount.
Similar action was taken for the second incident. The district reported no breach of its financial or student data systems in either case.
“These steps aim to reduce the risk of phishing attacks, business email compromise scams and other cyber threats,” Braxton wrote in the statement. “While continuing to accelerate academic achievements, the District has also stabilized its finances and made targeted investments.”
