Palisades Park officials say nearly $500,000 is missing from its accounts in bank breach

Officials in Palisades Park were notified last week that nearly half a million dollars had been drained from its accounts at Mariner's Bank, the borough's mayor and business administrator said Wednesday.

Mariner's Bank, which is based in Edgewater and has seven locations in Bergen County, told the officials that $460,000 was missing from the borough's accounts as a result of a fraudulent wire transfer, said Dave Lorenzo, the borough administrator.

"It was a massive failure of internal controls by the bank to let this happen," Lorenzo said. "When we put taxpayers' money into institutions, we want them to be protected."

Mayor Christopher Chung said it is possible that the theft is related to a hacking attack on the borough's computer system. Emails were compromised, he said, though he did not say how borough officials were made aware of of the breach. He did not give additional details of the alleged attack.

Borough officials, he said, are cooperating with the U.S. Secret Service, which investigates financial and cyber crimes, as well as the FBI and the Bergen County Prosecutor's Office.

"The investigation is still going on," Chung said. "We are still in the preliminary stage of looking into what happened."

A call to the FBI's field office in Newark rang with no answer. The Secret Service's New Jersey Field Office and the Bergen County Prosecutor's Office did not immediately respond to requests for comment.

Roy Riggitano, the borough's chief financial officer, said he was not able to immediately comment on the matter.

More: Fred Daibes, Mariner's Bank and what you need to know

More: Palisades Park suspends school security program and calls for investigation

Officials at Mariner's Bank could not be reached.

The bank has been on the radar of state and federal regulators at various points over the last decade. In 2012, the state Banking Department and the Federal Deposit Insurance Corp. ordered it to address a wide range of financial safety and soundness concerns, including issues with asset quality, internal controls and deals with insiders. The following year, a former CEO was sentenced to a year in prison and was ordered to pay almost $514,000 in restitution after admitting that he conspired to commit bank fraud to obtain a $1.48 million mortgage for a client.

In October, the bank's founder, Fred Daibes, a prominent Bergen County developer, was indicted by a federal grand jury on charges that he conspired to circumvent lending limits set by Mariner's without the knowledge of the FDIC. Daibes, 61, of Edgewater, was chairman of the bank's board until 2011 but remains the majority shareholder and chairman of Mariner's Bancorp, the parent company of Mariner's Bank.

Councilmen Frank Donohue, Paul Kim, Henry Ruh and Andy Min did not immediately respond to phone messages seeking information about the breach. Councilwoman Cynthia Pirrera said she was unaware of the situation when reached by phone Wednesday night.

A rash of cyberattacks

The town is the latest victim of cyberattacks targeting New Jersey municipalities.

"It seems like an epidemic," Chung said. "This is happening to many municipalities. It's a big problem."

Cyberattacks and ransom viruses have been reported in Elmwood Park, Fair Lawn, Oakland, Rockaway Township and Montville.

In Elmwood Park, a cyberattack temporarily shut down portions of the borough network this month, according to Police Chief Michael Foligno, who also serves as the borough administrator.

Similar attacks were reported across the state toward the end of 2018 and have continued into the new year, according to the Municipal Excess Liability Joint Insurance Fund, which provides insurance coverage to towns throughout New Jersey.

Most of the attacks involve a strain of ransomware called Ryuk, the insurance fund said in a statement.

"The New Jersey Cyber Communications and Integration Cell indicated Ryuk is very advanced, killing many processes and embedding itself deep into the system, in addition to deleting backup files, making it difficult to successfully overcome," the statement said.

Previous attacks using Ryuk have involved ransom demands exceeding $100,000. The ransomware appears to enter the system through email phishing campaigns, weak remote desktop protocol passwords and stolen credentials, the insurance fund said.

Email: cattafi@northjersey.com