Lock Haven City Manager hacking incident resolved
LOCK HAVEN, PA – Infradapt, the City of Lock Haven’s IT company, has notified city officials that an “email compromise” issue with the email account of City Manager Greg Wilson has been “neutralized” without the loss of any data.
The Allentown-based company had been notified on Tuesday of this week about the hacking attempt. It shared its findings with the city on Wednesday and Thursday, Kasey Campbell, Community Life Director, released the findings:
To Whom It May Concern,
Infradapt is Managed IT Services Provider that specializes in offering public sector entities with a range of services including IT support, proactive maintenance and cyber security management, among other services.
As the City of Lock Haven managed service provider for information technology administration and cyber security, Infradapt became aware on Tuesday November 14th of a business email compromise (BEC) affecting city manager Greg Wilson’s Microsoft 365 email account.
Shortly after being detected the threat was neutralized. After performing forensics on this event Infradapt have concluded the following details:
• As of November 8th an anonymous threat actor gained access to the gwilson@lockhavenpa.gov account.
• A private Verizon email account, unrelated to the city, was exploited to circumvent security protocols for the city manager’s Microsoft 365 email account, effectively allowing access to the account.
• On November 14th, this access was then used to send an email impersonating Greg Wilson to all contacts with attachments containing phishing links that should not be clicked on.
• An in depth review of the logs available through the Microsoft 365 platform does not indicate that any data was downloaded, or that any other malicious action was taken by the perpetrators.
While industry standard protocols are followed to protect the City of Lock Haven and its users, maintaining the integrity of a network is a dynamic challenge. Infradapt is proud to represent that our team responded rapidly to identify the threat and restore its security within minutes of it first becoming detectable.
Moving forward, Infradapt intends to work with the City to review actionable best practices along with new technologies that can prevent incidents such as these from happening in the future.
Larry Carbonell vCIO