"We weren't optimistic at all that we would see any of it," Finance Director Emily Oster said. "So, then to have it all returned has been really, really good news."
The city recovered the payment May 29 but announced it to The New Mexican just this week.
The payment was stolen from the city's online vendor payment portal, Tyler Munis, after a hacker gained access to the account of roadwork constructor GM Emulsion and changed the bank account information in the system, officials said. They were notified of the hack after Wells Fargo flagged a payment that had gone to an unfamiliar bank account.
The $324,000 was for work GM Emulsion had done at the Santa Fe Regional Airport. The construction company has a number of other contracts with the city for infrastructure projects, including the ongoing Guadalupe Street reconstruction.
Oster said initial efforts to recover the money were unsuccessful. City information technology and Finance Department staff then worked with the software vendor to track the IP address of the entity that had accessed GM Emulsion's account.
The vendor provided the information to the Santa Fe Police Department, who in turn worked with the FBI on an investigation. Wells Fargo's fraud division was then able to access the account the money had been sent to and return the amount to the city, Oster said.
Oster said the investigation pointed to Texas as well as international locations, making it unusual the recovery was a success.
"It's rare that this type of fraud would result in a recovery like this, especially when some of the activity was international," she said, "but in this case the city of Santa Fe was very fortunate and we were able to recover every penny."
It was unclear if a suspect had been identified in the theft. Santa Fe police didn't respond to requests for comment.
GM Emulsion had yet to be paid by the city by the time the money was recovered. Part of the city's efforts to address the hack included shutting down its Tyler Munis account and creating a new one that had not been breached. Payments have since resumed, Oster said.
The city implemented additional internal controls to prevent a similar situation in the future, she added, including contacting vendors outside the online payment platform every time there is a vendor-initiated change to payment information to confirm the change is legitimate.
The city is also working with Tyler Munis on upgrades to the vendor platform to make it more secure and is transitioning management of the software from the IT Department to the Finance Department. A new position was created in the Finance Department to handle the work at the start of the fiscal year, Oster said.
©2025 The Santa Fe New Mexican, Distributed by Tribune Content Agency, LLC.
