City of Burlington announces online fraud

The Canadian city announced on June 13th that it had become a victim of fraud, resulting in a loss of C$503,000.

On Thursday, May 23rd the City of Burlington discovered that it had become a victim of fraud. A transaction had been made to a falsified bank due to a “complex phishing email” being sent to city staff requesting to change banking information for an established city vendor.

“The transaction was in the form of an electronic transfer of funds made to the vendor in the amount of approximately $503,000 and was processed on May 16.”

The city has taken the appropriate steps upon learning of the fraudulent payment. The Halton Regional Police and the city’s financial institution have been notified. Additionally internal controls have been put in place to prevent this from occurring in the future and a criminal investigation is underway.

“The city can confirm that our IT system was not compromised during this incident; no personal information was stolen or shared.”

Mayor Marianne Meed Ward said:

“This was a case of online fraud with falsified documents at a level of sophistication not typically seen and we are taking the necessary steps to prevent it from happening in the future.

“This stresses just how important it is that we are all vigilant and recognize the signs of online fraud, phishing and other scams, and report them to the proper authorities — so that no one becomes a victim of this type of criminal activity.”

The city will not be providing any more additional information in order to maintain the integrity of ongoing investigations.

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb said:

“Humans remain the weakest link in any organization. Properly implemented security controls can reduce the risk of human error but not eliminate it. Worse, cyber-criminals will now purposely target smaller organizations that cannot afford to invest in their cybersecurity.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.