NORFOLK, Va. (WAVY) — The FBI is investigating a hack of the Norfolk Airport Authority after $389,000 was sent to a criminal’s bank account through five payments.
According to court documents, in March 2022 someone hacked Norfolk Airport Authority email accounts. They pretended be an account representative for the airport. They told one of their vendors — Avis Car Rental — that the airport changed its payment procedures. The hacker provided an account and routing number to a JPMorgan Chase bank account.
In a statement to 10 On Your Side, NAA Executive Vice President and Chief of Staff Steve Sterling confirmed that the investigation is still ongoing.
“Upon discovering the incident, we immediately began working with federal and state law enforcement,” Sterling wrote. “The Norfolk Airport Authority also engaged leading cybersecurity forensic experts, who confirmed that NAA systems were secure and that no personal nor payment information was compromised. The Authority takes cybersecurity extremely seriously and we are continuing to improve our security posture. We are committed to ensuring the ongoing security of our operations.”
The FBI also would not comment on the investigation, but recommended that anyone impacted by cyber crime visit ic3.gov.
Greg Tomchick of Valorr Cyber Security said that attacks such as this increase during the holiday season. He said that many hacks occur when email users unknowingly give bad actors their passwords through a phishing email.
“We’re continuing to see organizations being taken advantage of. To us it is the basics, but making sure you’re training your folks — this is one of those things that’s most critical to your business is email,” Tomchick said. “We need to go back to using the phone to double-verify before those big-ticket items come about.”