A subtle change in an email address used to pay a vendor allowed a fraudulent source to pocket more than $16,000 from the quasi-public agency, according to a recent report submitted to state auditors. The authority oversees the New London pier and deep water ports in Bridgeport and New Haven.
Although $14,166 of the $16,666 stolen payment was recovered through an insurance claim, port officials said the incident spurred changes in how the authority operates and pays bills.
"The Port Authority has undertaken steps to prevent a recurrence of a similar situation," Finance Director Fayola Haynes told state auditors in a Dec. 16, 2025 letter explaining the loss.
Haynes said the port authority has since reviewed its policies and procedures, has renewed its focus on critical factors and loopholes, improved security and data encryption, and plans to conduct monthly cyber security training and awareness.
Officials from the authority did not respond to a request for additional comment about the phishing incident.
The Federal Trade Commission says cyber scams, with phishing being a major contributor, cost the U.S. $12.5 billion in losses in 2024. Phishing, a term for sending emails and other messages to gain personal information or mislead recipients, results in 36% of U.S. annual data breaches, experts say.
THE SCAM
According to the letter from Haynes, the port authority phishing incident involved a routine payment for recruitment services to Flagship Management, totaling $16,666. The invoice for the services was received by the authority on Feb. 3, 2025, via the email address of jack@flagshipmat.com.
A follow-up email on Feb. 12, sent under the slightly different address of jack@flagshipmigt.com, inquired about the payment and informed the authority that the "vendor is updating its payment information." The port authority processed the $16,666 payment through the latest email address, which turned out to be fraudulent, Haynes explained in her letter.
"Discovery of this fraudulent payment was made on 04/11/2025 when the accurate vendor reached out regarding payment and the Finance Director reviewed the payment history," Haynes wrote. "It was only at this time that the varying domain accounts were observed."
Haynes said the port authority contacted several agencies, including its bank, which attempted to recapture the funds but found the "fraudster had already withdrawn the funds from the recipient bank." The port authority's outside IT services company reported in April it had discovered the source of the breach and provided relevant documents, Haynes said.
The port authority reported the incident to the Old Saybrook Police Department and the FBI, Haynes said, adding "no updates" had been received from either agency.
© 2026 Journal Inquirer, Manchester, Conn. Visit www.journalinquirer.com. Distributed by Tribune Content Agency, LLC.