On February 26, 2021, the Quincy Retirement Board was a victim of a sophisticated cybercrime in which a bad actor gained access to the City of Quincy’s IT system, and while posing as the then recently departed Quincy Retirement System Executive Director, the bad actor authorized a fraudulent redemption and transfer of $3.5 million in System assets to an unknown overseas account. Upon becoming aware of the fraudulent activity, the Board immediately notified the appropriate state and federal law enforcement and regulatory agencies, and the Board fully cooperated with the subsequent civil and criminal investigations into this matter. The City and the Board undertook a comprehensive review of its internal security systems and security protocols to implement policies and procedures to thwart any further unauthorized incursions into the IT system. Unfortunately, the identity of the bad actor was never discovered.
The Board also hired outside counsel who has expertise in securities litigation matters to explore the possibility and viability of claims against those third parties involved in the unauthorized and fraudulent transaction. The Board, after conferring with outside counsel, is satisfied that it has taken all reasonable and necessary action to recover the stolen funds, and that internal security protocols have been implemented so that this type of illegal activity will not occur in the future.