A scammer stole more than $269,000 from the Juneau School District last fall.
City and Borough of Juneau Finance Director Jeff Rogers outlined the incident in a memo shared with the Assembly Finance Committee during its meeting Wednesday.
He said someone claiming to be one of the district’s vendors asked to change their banking information. They used a “spoofed email address that varied slightly from the vendor’s last known email address,” according to the memo.
CBJ recommends that staff contact vendors separately to verify requests like these. But the district didn’t double check with the real vendor, Rogers wrote. Once the banking information was changed, the scammer stole $93,477.17 on Oct. 7 and $175,600.23 on Nov. 4.
By the time the city’s finance department contacted the FBI, Juneau Police Department, CBJ Law Department and First National Bank of Alaska on Dec. 7, it was too late to recover the funds.
At an Assembly Finance Committee meeting Wednesday night, Rogers said it’s a strategy school district staff should have known about.
“This particular scheme is very common,” he said. “You can’t listen to a webinar about fraud, you can’t go to a financial conference, you can’t step out your front door without hearing that this is really a very successful method for fraudsters to use.”
Scammers used a similar method in 2019 to steal more than $329,000 from the city.
The city has a risk fund for these kinds of events and could cover $250,000 of the district’s loss. But, according to Rogers, the Juneau School District hasn’t filed a claim with the CBJ Risk Manager or the city’s third-party insurers.
“I know that there has been communication from the CBJ Risk Manager to the school district, and there has not been communication back,” Rogers told the Assembly.
The district also hasn’t discussed the loss publicly, he wrote in his memo.
“Since mid-December, CBJ Finance, Law, Risk and the Manager have been in regular contact with JSD staff about the importance of disclosing this financial crime to the public. To-date, that disclosure has not occurred,” Rogers wrote. “Hence, I feel it is my fiduciary responsibility as the CBJ Finance Director to disclose this event to the CBJ Assembly and the Juneau public at this time.”
Juneau School District Superintendent Bridget Weiss said she has communicated with the city.
When reached Thursday afternoon, Weiss said she told the city in mid-February that the school board would discuss potential insurance claims in executive session at its March 7 meeting. She said the district received Rogers’ memo shortly before the finance committee meeting began.
“I think we have been in contact. Have we made all the final decisions related to this? We have not,” Weiss said. “And the board has a planned executive session on Tuesday to have this very conversation, and that was scheduled when Jeff Rogers submitted his memo to the Assembly.”
Rogers said city leaders have asked the district to make the public aware of the incident since mid-December. But Weiss said the district was waiting for more information from the investigation, which is still ongoing.
“We very much work hard as a district and a school board in being transparent, but we wanted to make sure we had all the information we could have, because then we can share more publicly if we know exactly what happened and what can be shared,” she said.
Weiss said the attack was external, and not from someone within the district. She said the district requires annual cybersecurity training and is reviewing its protocol.
Wednesday’s Assembly Finance Committee meeting also included a discussion of the school district’s request for additional funding from the city. The committee moved the request to the full Assembly for a final decision.
Editor’s note: This story has been updated with comment from Juneau School District Superintendent Bridget Weiss.