Back to Data breach

Data breach

City of Tallahassee's payroll system hacked—nearly $500,000 stolen.


On April 5, 2019, the city of Tallahassee reported that unknown hackers had infiltrated its human resource management system and diverted $498,000 to another account. Further investigation revealed that the attack may have originated outside the US.

The incident.

When the city workers of Tallahassee didn't receive their paycheck, they notified the bank authorities. The bank then identified that some of the city’s funds were redirected, and immediately notified city officials. Investigations revealed that the third-party vendor hosting the city's payroll application was hacked. The city of Tallahassee’s bank has been working on recovering the funds, and so far it has managed to reclaim twenty-five percent of the stolen money. Law enforcement and the city’s insurance company were promptly notified of the attack.

Surprisingly, this is not the first time the city of Tallahassee has fallen victim to a security breach. Less than a month earlier, a malicious Dropbox link was sent out from the city manager's email account. The impact of this previous phishing attack is not yet known. City officials have not confirmed if the two attacks are related. Generally, phishing attacks are a part of an elaborate, long-term plan to breach a network and siphon off passwords or other sensitive information.

Cyberattacks are hard to detect initially; investing in a good security information and event management (SIEM) solution is the key to identifying threats before they cause significant damage. Download Log360 to combat internal and external security attacks.

Here's how ManageEngine can help.

Log360, our comprehensive SIEM solution, can help your organization by:

  • Alerting security teams in real time about events that require their immediate attention, such as network attacks, unauthorized access attempts to files or folders, security group membership changes, and account lockouts.
  • Detecting unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network, as well as outbound connections to malicious domains and callback servers. Its global IP threat database contains more than 600 million blacklisted IP addresses that are collected from trusted open-source threat feeds and updated daily.
  • Finding potential insider threats with its user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, this tool employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
  • Obtaining important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raising incidents as tickets to the designated administrator in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.

Download a free trial of Log360 to see the tool in action for yourself.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.