Almost half a million dollars was diverted out of the city of Tallahassee’s employee payroll Wednesday after a suspected foreign cyber-attack of its human resources management application.

Hackers attempt every day to breach the city’s security, officials say, but this week's operation netted about $498,000.

The employees have all been paid, said city spokeswoman Alison Faris, and officials are working to determine the hack’s origins.

More:City of Tallahassee direct deposit payroll system hacked; attack marks second hack in a month

“Early indication is that it was possibly initiated outside of the U.S.,” Faris said in an email.

The out-of-state, third-party vendor that hosts the city's payroll services was hacked and as a result the direct deposit paychecks were redirected. Employees throughout the city’s workforce were affected.

Hackers and Tallahassee targets:

The city is working with its bank to recover the money and already has recouped 25 percent of the missing funds. It is also in touch with its insurance company and law enforcement to pursue criminal charges.

Officials learned of the security breach when the city's bank contacted them and employees awoke to notice they had not been paid. This is the second time in a month the city's online security has been compromised.

Last month, a Dropbox link was sent out from the email account of City Manager Reese Goad. The phishing email, which originated externally, contained a virus. It is unclear how many people the email went to, but there does not appear to be any lingering impacts, officials said.

Faris said the two attacks do not appear to be related, but IT professionals say phishing attempts can often garner passwords and other data that give hackers the tools to strike.

“Usually the way they get in is through email," said Blake Dowling, president of technical support and cyber security company Aegis Business Technologies. “Those happen all the time. If you’re not trained to be on the lookout for something, about how that may look or feel or the implications, it can bring your city to a crawl.”

Even for IT professionals, cyber-attacks can be tricky to recognize, Dowling said. Their imprint can be as minute as a slow internet browser or momentary delay in a document.

Secure networks can easily fall prey. Once a breach happens, Dowling said, ransomware can covertly record key strokes and collect data behind the scenes until it’s used in an attack like the one on the city this week.

The Tallahassee hack is the latest attack on area government targets.

Security protocols in the Thomas County School System in Thomasville thwarted an attempted payroll attack last month in which hackers tried to steal $2 million. Atlanta’s city government was crippled by cyber attackers demanding it pay $51,000 in the crypto currency Bitcoin, which it refused to pay.

In 2017, Leon County's website fell prey to hackers who changed its home page to a photo of North Korean Supreme Leader Kim Jong-un and audio of a 1964 Ronald Reagan speech. No important data was compromised in the attack by the ISIS-linked group.

Contact Karl Etters at ketters@tallahassee.com or @KarlEtters on Twitter