IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Chester Upland Schools Lost Millions to Email Hacking Scheme

A Pennsylvania school district has recovered most of $13 million stolen by international thieves who hacked an email account, used a fake dating profile to lure an accomplice and laundered deposits via cryptocurrency.

Hacker with laptop and dangling IDs
Shutterstock
(TNS) — International thieves siphoned $13 million in state aid from the Chester Upland School District last year in an intricate plot involving hacked emails, cryptocurrency and a sham e-Harmony romance with a Florida widow, officials said Friday.

Following a "long and complex investigation," Pennsylvania State Treasurer Stacy Garrity and Delaware County District Attorney Jack Stollsteimer said that around $10.3 million of the missing state subsidy money had been recovered and returned to the school district.

Chester Upland School District says millions of dollars are missing. The DA has launched a probe.

But around $3 million was laundered into cryptocurrency and remains missing, with the thieves responsible being investigated by federal authorities, according to Stollsteimer. No charges have been filed, and Stollsteimer declined to answer questions about the ongoing federal investigation and the hackers' identities.

"The people who shouldn't be victims here are the students of the Chester Upland School District, one of the poorest districts in Pennsylvania," Stollsteimer said. "We need to convince the commonwealth and the Department of Education to make them whole."

The Chester Upland School District — home to around 7,200 public school students, including those who attend charters — has been under financial receivership by the state since 2012.

The scheme occurred in two parts, detectives from the Delaware County Criminal Investigation Division found. First, hackers with ties to Nigeria compromised the school district's email systems, hacking in and gaining control of an employee's account.

Stollsteimer declined to comment specifically on how the hackers were able to access the school employee's email account, citing the active federal investigation into the fraud. There was no evidence that any employee of the school district was involved in the scheme, he said.

Using the compromised email account, hackers were able to send legitimate-looking emails to the state Comptroller's Office, requesting a change in the bank account from which the payments to the district from the Pennsylvania Department of Education are deposited.

Between December 2020 and February 2021, 25 payments were diverted to the hackers' account, according to Garrity.

In the second part of the scam, officials said, the thieves preyed on a recently widowed Florida woman through a fake e-Harmony online dating profile. They persuaded the woman, who had banking experience, to act as a "money mule," transferring the stolen funds through bank accounts and eventually into cryptocurrency.

"Thanks to quick action by the treasurer's office, this audacious attempt to steal from the school children of Chester and the taxpayers of the commonwealth was thwarted," Stollsteimer said. "The scope and complexity of the scheme are, however, alarming and remind us all of the importance of keeping our technology protected, as well as the perils of conducting financial transactions with — or on behalf of — individuals unknown to you."

Had the thieves been successful, Stollsteimer said, the district likely would have had to struggle to pay its teachers last year.

The Delaware County District Attorney's Office began its investigation into the missing funds in February 2021, after the receiver's office overseeing Chester Upland's finances contacted law enforcement to report that it had not received millions of dollars in a subsidy payment due from the Pennsylvania Department of Education.

At the same time, the state treasurer's office received an alert that an $8.5 million payment request from education department had been flagged as potentially fraudulent.

The state treasury worked quickly to identify and recall the misdirected funds, officials said Friday, recovering $10.3 million.

But the district is still waiting for just over $3 million in missing money, said Nafis J. Nichols, who was appointed receiver in August 2021 — several months after the hack occurred. Chester Upland is in talks with its insurance carrier and the state Department of Education for help in recouping the additional funds, he said.

He called the stolen money "very detrimental to the district's finances as we're already a financially distressed district." In order to stay afloat, Nichols said, the district had to make "many, many adjustments" to its budget, while building improvements across the district were largely sidelined.

Attacks involving the use of email to scam school staff have been on the rise over the last six years, according to a report by K12 Security Information Exchange, a national nonprofit that analyzes cybersecurity threats to schools.

Following the hack, Nichols said, Chester Upland put in place "a lot of different measures" to ensure more cybersecurity, including two-step email log-in, frequent password change requirements, and IT team training to prevent potential future attacks.

The state, too, strengthened its security, adding a fraud-prevention verification tool as well as a system designed to flag suspicious transactions, officials said. All agencies, boards or commissions receiving payments from the state treasury will be required to use approved fraud-prevention vendors for their money transfers, officials said.

A spokesperson for the Pennsylvania Department of Education said the hack did not "involve any compromise of PDE systems or data" but declined to comment further.

Though Chester Upland's former financial recovery plan involved blueprints to turn over some or all of its schools to charter management companies, Nichols said that is no longer the case. The receiver's office is in the process of creating a new financial recovery plan, he said, though details are still under wraps.

Pointing to consistent district leadership, and the goal of improving not only the district's financial picture but also its educational rigor, Nichols said, his goal is "to work very aggressively over the next three years to get us to the finish line."

©2022 The Philadelphia Inquirer. Distributed by Tribune Content Agency, LLC.