Hackers allegedly breached the School District of Philadelphia’s payment system several times in 2024 and stole nearly $700,000. They posed as legitimate vendors and manipulated the ACH (Automated Clearing House) system to divert payments into fraudulent accounts. The city controller, Christy Brady, disclosed the breach during a press conference, noting that the issue came to light during the annual fiscal audit.
The fraudulent transfers occurred on four separate dates between February and March 2024.
The largest payment, over $563,000, was meant for flood damage repairs, while the remaining transfers, totaling more than $126,000, were related to compensatory services. None of the payments have been recovered, and the real vendors have not received their funds. The identities of the attackers and the financial institutions involved have not been disclosed.
The district normally pays vendors by paper checks unless ACH payments are specifically requested.
Hackers managed to gain access and request wire transfers through this system. Brady submitted the findings to the Pennsylvania Attorney General, while the district also alerted the FBI and internal oversight offices. Superintendent Tony Watlington emphasized that the district has since implemented stronger internal controls.
Despite the breach, Watlington reaffirmed the district’s commitment to transparency and financial discipline. He noted that the district had clean audits for more than a decade and had recently achieved its highest credit rating in 40 years. However, this incident comes amid concerns about future federal education funding, adding further pressure on the district’s budget and operations.
Reference:
