City of Portland continues cybersecurity investigation, pays affordable housing provider for stolen $1.47 million

Press Release
The City continues its internal investigation into a recent cybersecurity breach. The incident has been referred to the Federal Bureau of Investigation and the Portland Police Bureau.

The City of Portland continues to investigate a recent cybersecurity attack, which allowed an unknown party to fraudulently redirect a $1.47 million payment for an affordable housing project. 

Based on preliminary findings, the criminal activity was limited to a single Portland Housing Bureau transaction in late April and a second, unsuccessful attempt that was flagged by the Housing Bureau in May. No other losses or additional security breaches have been identified.  

Whoever conducted this criminal activity did so by gaining access to a City employee’s email account and manipulating a transaction that was part of the employee’s normal duties. A City cyber response team – including police, technology, finance and legal staff – has found no evidence that City employees knowingly or intentionally contributed to the security breach.  

There is no indication that customer, community member or business service partner information was compromised. As part of its ongoing investigation, the City is working to confirm that initial assessment. The City remains at a heightened level of security to ensure that no other breaches are occurring. 

The cybersecurity attack has been referred to the Federal Bureau of Investigation and the Portland Police Bureau.  

Meanwhile, the housing project at the heart of the incident is moving forward: The Starlight is expected to open this fall in the Old Town neighborhood, offering 100 affordable housing units. Last week, the City paid housing provider Central City Concern the $1.47 million it was owed, which was stolen in the fraudulent transaction. An ordinance at City Council next week, if passed, would authorize a cash transfer from the City’s general fund to cover the cost. 

The City is pursuing reimbursement for as much of the stolen money as possible through cybersecurity insurance and other means, but won’t have resolution for some time. 

Prior to this incident, the City had measures in place to protect data security, including required training, targeted awareness exercises, and a variety of barriers to prevent and detect attempted breaches. During the past month, the City has identified – and begun implementing – additional training, technology and protocols to further enhance cybersecurity.