LAWTON, OK — Nearly eight years after a sophisticated Trojan malware outbreak crippled city systems, Lawton finds itself once again navigating the aftermath of a major digital breach—this time involving a $224,840.34 fraudulent wire transfer linked to the Lawton Economic Development Authority (LEDA).
At the July 8, 2025 City Council meeting, LEDA representative Richard Rogalski confirmed that an investigation is ongoing, with assistance from the Lawton Police Department, FBI, and the United States Secret Service. Due to the multi-state nature of the incident, Rogalski said he was limited in what could be disclosed publicly.
“This is what’s startling about it,” Rogalski said during the meeting, timestamp ~43:00 on YouTube. “The fraudulent email came inside of an email stream that had been going on for days… I can’t even tell which emails are real and which are fraudulent.”
According to Rogalski, the scam unfolded through a highly convincing manipulation of an ongoing correspondence with a legitimate vendor—likely the result of a compromised email account. The attacker inserted payment instructions to a fraudulent bank account under the vendor’s name.
“We don’t even find out what happened until over a month later when I get a text from the actual vendor saying, ‘Hey, that wasn’t me.’”
City staff confirmed that policy changes are already in motion to prevent similar incidents. These include updated wire transfer procedures and new requirements for city-supported authorities to follow centralized purchasing policies.
“Even though that money was under the control of the authority, it’s still public money,” noted the City Manager. “So we felt we had an obligation to act.”
🔁 A Pattern Repeating: 2017’s Trojan Outbreak
This isn’t the first time Lawton’s digital infrastructure has been compromised.
In August 2017, the city was struck by a polymorphic banking Trojan that disabled over 500 municipal computers, shutting down email, utility billing, court services, and payroll operations for weeks. City officials described it as a sophisticated virus that bypassed traditional antivirus defenses and spread rapidly.
Residents were forced to pay bills in person, court operations halted, and internal communications ground to a standstill. IT staff and outside contractors worked around the clock to restore systems, at a cost of around $100,000.
Despite the severity of that breach, there was no confirmed theft of personal data—and no major cybersecurity overhaul was publicly documented in its aftermath.
🧩 When Will the Next Disruption Be—And What Will It Cost?
While the 2017 incident stemmed from malware and the 2025 case from social engineering and fraud, both reflect exploitable weaknesses in municipal oversight and digital process controls. Whether through trojans or cleverly crafted emails, attackers found cracks in the system—cracks that continue to cost the public.
With federal investigators now involved, the LEDA fraud may yet reveal more about how municipal systems operate behind the scenes. For now, residents are left asking a new question:
When will the next disruption be—and what will it cost?