DC Office of Zoning Reports Targeted Phishing Campaign Against Permit Applicants | The Locally Times
The DC Office of Zoning confirmed that 1 unauthorized breach resulted in the exposure of sensitive applicant data.
On October 14, 2024, the DC Office of Zoning issued a formal notification regarding a sophisticated phishing campaign targeting individuals seeking building permits. According to the 1 official advisory released by the agency, unauthorized actors successfully gained access to internal communication channels used by applicants between September 20, 2024, and October 10, 2024. The investigation indicates that 3 distinct types of permit applications were specifically targeted by the attackers. During this 21-day window, the perpetrators sent fraudulent emails requesting payments of $500 to $2,500 to expedite pending zoning reviews. The DC Office of Zoning clarified that 0 legitimate permit fees are ever requested through unofficial email domains or private payment links. Records show that 14 applicants reported receiving these suspicious messages, prompting an immediate review of the agency's digital security protocols. By October 12, 2024, the IT department had implemented 2 new layers of multi-factor authentication to prevent further unauthorized access. The agency is currently working with 1 federal cybersecurity task force to trace the origin of the phishing emails. Officials noted that 100% of the affected applicants have been contacted directly via official government channels. The DC Office of Zoning has advised that any payment requests exceeding $0 should be verified through the main office line, which handles over 500 inquiries per month. As of October 15, 2024, there have been 0 confirmed instances of financial loss reported by the victims. The agency has allocated $50,000 toward a comprehensive audit of its database infrastructure to ensure that 100% of applicant records remain secure. This incident follows a 15% increase in phishing attempts reported across various municipal departments throughout the 2024 fiscal year. The DC Office of Zoning maintains 1 central portal for all official transactions and reminds the public that no permit processing fees are processed outside of this 1 secure environment. Further updates regarding the investigation will be provided by the agency on November 1, 2024, or as new evidence becomes available. The agency currently employs 45 staff members who are undergoing mandatory cybersecurity training to prevent similar breaches in the future. Applicants who encounter suspicious communications are encouraged to report them within 24 hours to the designated security office. The DC Office of Zoning remains committed to protecting the data of its 10,000 annual permit applicants.