ao link
Twitter
Linked In
Bluesky
Threads
Twitter
Linked In
Bluesky
Threads

You are viewing 1 of your 1 free articles

Housing association defrauded of nearly £1m after falling victim to cyber scam

A housing association has had its governance rating downgraded after it was defrauded out of almost £1m as a result of cyber scam carried out earlier this year.

Linked InTwitterFacebookeCard
Picture: Getty
Picture: Getty
Sharelines

Red Kite Community Housing has lost almost £1m after cyber criminals mimicked the domain and email details of known suppliers #ukhousing

“I would encourage all organisations urgently to review their processes for a single point of failure,” says Mike Gahagan, chair of Red Kite Community Housing, following cyber attack #ukhousing

Red Kite Community Housing, which owns around 6,500 homes in Wycombe, discovered it was a victim of criminal fraud in August last year.

Police efforts are currently underway to reclaim the £932,691.48 loss, after criminals mimicked the domain and email details of known contacts that were providing services to Red Kite.

The landlord, which last year had a turnover of £34.9m, said it immediately reported the incident to the police, its insurance company and the Regulator of Social Housing (RSH) upon its discovery.

In a regulatory judgement released today, the RSH had downgraded its governance rating from G1 to G2 due to “a basic failure in its system of internal control”, exposed by the fraud.


READ MORE

The social housing sector is getting better at tackling fraud but the hard work must continueThe social housing sector is getting better at tackling fraud but the hard work must continue
The types of fraud social landlords are most vulnerable to and how to prevent themThe types of fraud social landlords are most vulnerable to and how to prevent them
Value for money reporting weaknesses could affect regulatory judgements, warns regulatorValue for money reporting weaknesses could affect regulatory judgements, warns regulator
We were conned by cyber criminals and we want the sector to learn from our experienceWe were conned by cyber criminals and we want the sector to learn from our experience

The judgement said: “Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.”

A statement from the association said it must await the conclusion of the police investigation before commenting fully.

However, Red Kite said typical business email compromise attacks see criminals intercept emails, request a change of bank details and replicate genuine invoices with altered bank details, which results in funds being sent to the wrong account.

In a comment piece written for Inside Housing, Mike Gahagan, chair of Red Kite, said the organisation had renegotiated a finance deal in order to save the company an additional £1.1m and minimise the impact of the crime.

The regulator has maintained Red Kite’s V1 viability grading and said it “has an adequately funded business plan, sufficient security in place and is forecast to continue to meet its financial covenants under a wide range of adverse scenarios”.

Mr Gahagan said: “Red Kite takes no solace from the fact this type of fraud is sadly becoming commonplace.

“Our staff work hard to look after every penny of our £35m turnover. I join my fellow board and staff team members in being greatly distressed by this theft.

“We do however want to reassure tenants and suppliers that this loss has been more than offset by recent savings and thus has not impacted our operations in any way, as confirmed by our regulator and our continued V1 status.

“We have worked with external consultants to strengthen our systems significantly going forward. I would encourage all organisations urgently to review their processes for a single point of failure.

“We regularly detect and dismiss fraudulent attempts and our processes worked for seven years. However, our lesson is that human error can occur even with clear processes and training, so providing secondary checks are a necessary protection.”

Linked InTwitterFacebookeCard
Add New Comment
You must be logged in to comment.