[Ed. note: The piece was updated after press to include more details, as Carolina Beach town officials held a press conference after announcing the cyberattacks on Feb. 11.]
CAROLINA BEACH — Cybersecurity is top of mind for Carolina Beach officials after the town announced Wednesday nearly $500,000 in funds were stolen from the government in two attacks.
Both cyberattacks occurred in December 2025, according to town officials, who hosted a press conference about the incidents on Wednesday. They have led to a joint investigation by the Carolina Beach Police Department and the Federal Bureau of Investigations.
READ MORE: Carolina Beach’s public access terminal shut down permanently over privacy violations
Due to the ongoing examination of the case, finer details about events and nature of the crimes could not be provided, though what is known is $487,994.80 was taken out of the enterprise and the general funds. The town uses its enterprise fund to cover water/sewer, stormwater, and parking, while the general fund covers daily operations, personnel wages, town facilities, and public safety.
The first attack, which resulted in the theft of $200,000, was discovered Dec. 23 by someone who informed town staff a payment expected from the town had not been received. The second attack led to a roughly $287,000 loss and was discovered on Jan. 6. Town Manager Bruce Oakley said finance staff looked into account details and discovered the missing money.
When pressed for more details — such as what vulnerabilities were discovered that made the town’s software susceptible to attack, what the nature of the attack was, and exactly where it came from — Oakley, Police Chief Vic Ward and Mayor Lynn Barbee could not provide information.
“I don’t want to give more specifics because there’s people involved at this time in the investigation,” Oakley said.
However, Barbee was clear staff followed all town policies and are not to be implicated in the matter.
“This has been a soul crushing experience for our staff of career public servants who manage the public’s money as if it was their own,” he said, adding no personal information or data was compromised in the cyberattacks.
Though the incidents mirror and are related to a separate FBI investigation in another state, Barbee revealed. Police Chief Ward pointed out the source of the cyberattack was international.
The town is still working to recover lost funds, but its cybersecurity insurance allows for up to $25,000 in coverage. The remaining funds will be recovered using the balance from the general fund.
“We have done a great job of coming in under budget every year,” Oakley said, confident in the town’s financial stability. “Hopefully we’ll recover a lot of the funds, but we’re still waiting to see.”
He added for the past five or six years, Carolina Beach’s finances have been steadily improving, with staff working diligently to be conscientious about spending. Should any additional amendments need to be made to accommodate the fund recovery, the town manager will bring a budget amendment proposal to town council for approval.
The town is also looking into potentially increasing insurance coverage.
Town officials suspect the cyber attacks came about because of vulnerabilities presented as ongoing changes in the town’s cybersecurity system were occurring. The town underwent a transition following an intensive analysis conducted by the National Guard last year to address cybersecurity deficiencies, especially as hacking and scam technology becomes more sophisticated and government agencies have become targeted more as of late. The results led to town staff undergoing further cybersecurity training, with the town’s software actively being updated.
Barbee added the National Guard’s assessment of the cybersecurity system was needed after noticing national “alarming trends.” He detailed the FBI’s 2024 Internet Crime Complaint Center noted Americans have reported more than $16 billion in financial losses from cyber crime.
“A 33% increase over the prior year,” Barbee said.
While town staff has been actively working to update cybersecurity practices and policies over the past year, only recently has it led to policy change proposals coming before council — including at last month’s town meeting when council unanimously approved a user-protection policy change.
Town staff have been implementing changes, such as managing user passwords requirements, providing better security training to staff, using encryption as needed, not aggregating employee emails in a single location without proper security controls and legitimate business justification, among others.
The town is also applying multi-factor authentication methods for security log-ins, and doubling down on payment processes, undergoing further checks and approvals before the money goes through to a recipient. Barbee said he wants to explore limiting how much money can be approved to send out prior to verbal verification between the town and payees.
The town plans to hold regular meetings with its IT vendor at Dataprise. Port City Daily inquired as to whether the town would continue contracting with the company following the attacks, and Barbee commented on some apprehension when entering the most recent meeting with the company’s representatives. However, he was alleviated following the discussion.
“I think they’ve done a good job,” the mayor said. “We did come out of there with some action items that we need to tighten the loop a little bit … That we need to be more diligent more often.”
According to a spokesperson from Dataprise, the attack did not impact “systems monitored or managed by Dataprise.”
The town also has removed its public access terminal, which allows anyone to utilize the town-owned laptop to view internal emails, documents and plans government staff and elected leaders are discussing. It was removed due to concerns over privacy law violations and cyber security measures regarding sensitive information, like personnel or vendor account data being shared.
The cybersecurity attacks were unrelated to terminal access, as noted by Oakley at Tuesday evening’s town council meeting. However, Dataprise, the National Guard, and town officials said there was no staff or filtration system redacting personal information in place and found the best solution was to remove it altogether.
The town will continue to work with Dataprise, law enforcement, and cybersecurity experts to monitor the situation as the investigation is ongoing.
The news of the cyberattack in Carolina Beach comes one month after Pender County also announced it lost over $650,000 in funds due to a false raw water vendor account impersonating the Lower Cape Fear Water and Sewer Authority.
Beginning in late September, Pender County staff transferred money to a scammer’s bank account after receiving a request to change the banking information. Earlier that month, the county received an invoice amounting to $581,975 from a legitimate vendor. The county continued to pay additional monthly payments to the fraudulent account, including $28,261 on Nov. 13 and $29,761 on Dec. 4, until the LCFWSA notified county staff about the missing funds.
[Ed. note: The article has been updated to include that the impacted system was not managed by the town’s IT vendor, Dataprise.]
Have tips or suggestions for Emily Sawaked? Email [email protected]
At Port City Daily, we aim to keep locals informed on top-of-mind news facing the tri-county region. To support our work and help us reach more people in 2026, please, consider helping one of two ways: Subscribe here or make a one-time contribution here.
We appreciate your ongoing support.
