(UPDATE 10:45-a.m.) Nishna Valley YMCA loses nearly $50,000 in cyber attack


December 7th, 2011 by Ric Hanson

The Nishna Valley Family YMCA in Atlantic has lost nearly $50,000 in a cyber attack. Dan Haynes, Executive Director at the YMCA, told reporters this (Wednesday) morning during a Press Conference, that their computer systems were recently infected by a virus that targeted their ACH financial transactions. He said the YMCA sustained loses under $50,000, and due to banking regulation, some of those funds may be frozen and may eventually be recovered. He says there are two separate batches of accounts, one for $9,000 and one for $4,000 that have been frozen.

He said they found out about the questionable transactions after they were notified by their financial institution on November 23rd. Haynes went on to say that it does not appear the virus went after their members’ personal financial information, but it’s possible some of that information, such as checking or bank account routing numbers, may have been compromised. He said those members who make one annual payment or those who do payroll deductions have not been affected.

Haynes said according to the authorities who are investigating the crime, anyone who has been a member of the YMCA for longer than 6 months, that their information is ok, but there’s no guarantee that is the case, because the incident is still under investigation.

He said because their computers are still being examined by the FBI, and they won’t know the full extent of the damage for at least another two- to three-months. Haynes said the cyber-thieves are primarily targeting businesses that handle large ACH transfers, those over $100,000, for example. But anyone with concerns about their ACH transactions should take some precautions to make sure their money is safe.

He says that would include closely monitoring your bank account and notifying your financial institution, local law enforcement and the Iowa Attorney General’s Office, if you see any unauthorized activity.  Experts also recommend you contact the three U.S. credit reporting agencies (Equifax, Experian or Trans Union), to find out if there have been changes to your credit report.

Haynes says the YMCA does have high quality computer security systems, but the virus is virtually undetectable by antivirus software and current firewall technology, because it morphs or changes so frequently, those systems cannot keep up. He added that this is the first time they have experienced this type of security breach, and they’re working with the authorities to make sure it doesn’t happen again.

The theft means the YMCA has had to dip into its reserve funds to pay the bills for the month of December. He says if those funds are not recovered, it may mean putting off the purchasing of new equipment or making some repairs next Summer, but it will not affect their financial assistance programs. If you have any questions about the ACH cyber attack on the YMCA’s computers, call Dan Haynes at 712-243-3934.