‘Nasty and sophisticated cybercriminals’ stole £1.1m destined for Bedford school

Written by Sam Trendall on 16 August 2022 in News

Luton Borough Council and regional local enterprise partnership were victims of fraudsters

The headquarters of Luton Borough Council    Credit: Alex Liivet/Public domain

Luton Borough Council was the victim of “nasty and sophisticated cybercriminals” who stole £1.1m in planned funding for a local secondary school.

The money, which was due to be provided to Mark Rutherford School in Bedford, was diverted in spring 2020 after hackers accessed the account of an employee of the South East Midlands Local Enterprise Partnership (SEMLEP) – which runs the funding programme through which the grant had been awarded.

The cash was being held in a bank account of Luton council – the body to which SEMLEP is accountable, according to a report from the Local Democracy Reporting Service.

Posing as a SEMLEP representative, hackers contacted the authority claiming that the school’s bank details had changed, and providing updated information for the account to which it should be transferred. After realising the money had gone missing in April 2020, the council alerted Bedfordshire Police.

A full investigation was subsequently embarked upon by the National Investigation Service (NATIS): a specialist law-enforcement entity focused on serious organised crime perpetrated against public-sector bodies. NATIS has now published a full report on its findings – although a statement from Luton council reveals that investigators’ work goes on.

Related content

“Despite extensive inquiries and identifying several potential suspects, NATIS has been unable to recover any of the funds,” the authority said. “Its investigation continues and is likely to be long-term and worldwide”

Council chief executive Robin Porter welcomed the publication of the report, which he said came in light of “much misinformation circulating in the media and social media for the last two years about the council’s role in this case”.

“The findings confirm that it wasn’t the council’s system which was compromised, and we’re pleased that the investigation clears this up”, he added. “But this crime shows how vigilant all organisations need to be with such nasty and sophisticated cybercriminal gangs operating around the world. We accept the conclusions of the NATIS report. As a result of this incident, we’ve introduced higher levels of risk management to further strengthen our payment policies and ensure extra checks are made when we’re sent requests such as change of bank details.”

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page




Please login to post a comment or register for a free account.

Related Articles

Data watchdog urges against further FoI exemptions
9 June 2023

Information commissioner warns MPs of risks of absolving agencies of transparency requirements

ICO urges Capita customers to ‘check their position’ after 90 organisations report data breaches
31 May 2023

Technology services firm has revealed two data-compromising incidents in recent week


Digital Leaders’ Download: Ex-HMPPS leader Farrar on how technology was crucial in helping prisons’ pandemic response
31 May 2023

In the first of a series of interviews with government’s biggest figures, PublicTechnology and CDDO caught up with  Jo Farrar to discuss exploring virtual reality and AI, and why it’...

MoJ reprimanded by ICO after ‘bags of confidential documents’ exposed for over two weeks
25 May 2023

Sensitive data was left unsecured in prison holding area, according to data watchdog

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...