QUINCY — More than $3 million is missing from the city’s pension fund after an investment manager fell victim to an email phishing scheme, a state board of overseers said. The money has not been recovered.
The Quincy Retirement Board is under investigation by the Public Employee Retirement Administration Commission after one of its investment managers received an email from a former employee’s board email account, which had been hacked. The email included instructions for a $3.5 million wire transfer, which the manager made in February of 2021.
John Parsons, executive director of the commission, said he believes the transaction was “the result of human error and a breakdown of security controls.”
The Quincy Retirement Board did not learn of the fraudulent transfer until months later and, in October of 2021, reported it to the commission. The commission, which oversees local retirement boards, then notified its other members of the incident and warned them against such phishing and ransomware schemes.
Quincy: Hackers broke into city servers, demanded money in exchange for data
The memo advised retirement boards to review and confirm security processes, review IT user access authorizations and “ensure there is diligent scrutiny by vendors and the board of all periodic bank and investment statements.”
“We will be working with all parties involved to address this situation and will transmit further information as warranted,” the memo stated.
Neither the email hack…
