Eagle Mountain recently lost nearly $1.13 million in an organized cybercrime, city leaders announced on Monday.
"This crime was orchestrated through an email impersonation wherein the individual(s) responsible were able to portray themselves as a representative of a vendor working closely with the city on a major infrastructure project," Eagle Mountain officials said.
The incident happened on Aug. 31. The city then took "immediate action" and contacted the Federal Bureau of Investigation, the Utah County Sheriff's Office and the vendor, according to the release.
City workers involved in the incident have been cooperating with authorities.
"Further investigation determined that the amount stolen was transacted through an Automated Clearing House transfer. Since learning of the incident, (Eagle Mountain) has spent significant time strengthening its financial policies regarding ACH payments," city officials said.
City spokesman Tyler Maffitt said the money was transferred in a single transaction.
When asked how such a large sum was lost, Maffitt said, "It appears someone with intimate knowledge of the situation, either by hacking or some other method, was able to insert themselves in an ongoing email thread to pose as a representative of the vendor. That allowed them to convince our city staff to send the transfer to an account that did not belong to the actual vendor."
Eagle Mountain previously purchased an insurance policy for cyber crimes and attacks, according to the statement, and the city is working with the insurance company to be reimbursed. Maffitt said the city is "confident" it will be reimbursed for the stolen money.
"The city wants to provide reassurance that no resident, client or vendor information was compromised in any way as a result of this incident. Those affected will continue cooperating with investigators until the case has reached its conclusion. At this time no city or vendor employees are under suspicion of wrongdoing," city officials said.