Justice Department helped return majority of $573,000 lost to email breach and phishing attack.
Invest Nova Scotia (Invest NS) is making progress in recouping more than half a million in funds it lost to an email breach and phishing attack this past May.
The breach resulted in $573,000 intended for Halifax-based venture capital firm Sandpiper Ventures being transferred to an imposter’s bank account. The incident went undiscovered for two weeks and was not widely reported until late July. The province’s economic development agency responded by engaging with the Department of Justice to file a court application requesting the funds from a frozen Royal Bank of Canada (RBC) account identified in connection with the cyber crime.
Strategic communications director Shawn Hirtle told BetaKit in an email statement on Friday that the court application successfully resulted in the return of approximately $551,000 dollars in August. He added that Invest NS has engaged with the Department of Justice soon after to submit another court application for the return of an additional $20,000 from a frozen Bank of Montreal (BMO) account, which had received the funds from the aforementioned RBC account before it was frozen.
Hirtle said there remains an “outstanding gap” of $2,500.
RELATED: Justice Department involved following Invest Nova Scotia employee email scam
Invest NS detailed the circumstances surrounding the loss of funds in a July statement to BetaKit. According to the statement, six days after receiving a request for an installment payment from a partner on May 16, Invest NS received another email that appeared to be from the same contact person but with new banking instructions for an account at RBC.
Invest NS added that the change in banking instructions request was corroborated through a follow-up email that appeared to be from another contact person within the partner organization. The agency then discovered that funds had been misdirected on June 6, two weeks after it had transferred approximately $573,000 to the RBC account, as a result of a targeted cyber attack that accessed an employee’s email account.
Following the breach, Invest NS told BetaKit that it took immediate steps to contain the unauthorized access once discovered, including deactivating the specific email account, resetting all employee passwords, and locking down its server from accepting logins from jurisdictions deemed high risk.
Featured image courtesy Invest Nova Scotia via LinkedIn.