N※N

Cleveland Public Library recovers nearly $400K lost in vendor payment scam

  //business-finance.news-articles.net/content/202 .. ers-nearly-400k-lost-in-vendor-payment-scam.html
  Published in Business and Finance on Tuesday, September 16th 2025 at 14:28 GMT by Cleveland.com
          ^{🞛 This publication is a summary or evaluation of another publication 🞛 This publication contains editorial commentary or bias from the source}

Cleveland Public Library Reclaims Nearly $400,000 Lost in Vendor Payment Scam

In an unexpected turn of events, the Cleveland Public Library (CPL) announced on Tuesday that it had recovered almost $400,000 that had vanished in a sophisticated vendor payment scam that unfolded over the past year. The funds, which were originally destined for community‑based projects and library operations, had been siphoned off by a fraudulent third‑party vendor account. Thanks to a swift internal audit, cooperation from financial institutions, and law‑enforcement intervention, the library has managed to retrieve the vast majority of the misappropriated money—leaving only a modest balance of roughly $10,000 still missing.

The case is a stark reminder that even public institutions with robust financial controls can fall prey to increasingly cunning cyber‑fraudsters. The CPL, which serves a population of nearly 900,000 across Greater Cleveland, has long been lauded for its digital transformation initiatives, including an automated vendor payment system that was rolled out in 2021. That system was designed to streamline payments to suppliers and reduce paperwork, but the very same mechanism that improved efficiency also provided a convenient conduit for attackers.

How the Scam Unfolded

According to CPL’s Chief Procurement Officer, Melissa Ramirez, the fraud began when a vendor—pseudonymously referred to as “Acme Supplies” in internal documentation—began submitting invoices that were almost identical to legitimate orders. The invoices included subtle changes in vendor numbers and banking details, but the amounts matched the library’s typical spending patterns. “When we cross‑checked with the vendor’s public record, we realized the name matched an unregistered business,” Ramirez explained. “We had no record of this vendor in our database.”

The fraudulent vendor was actually a shell company set up by a criminal network operating out of Ohio and Pennsylvania. By exploiting the library’s vendor portal, the scammers were able to add themselves as a new vendor and redirect payments that were meant for community projects—such as book‑mobile expansions and digital literacy initiatives—to their own accounts. The illicit transactions ranged from $20,000 to $45,000 each, totaling approximately $395,000 over a six‑month period.

Discovery and Response

The scam was first flagged by the library’s internal auditor, who noticed a series of “anomalous vendor transactions” during a routine audit. The audit report was immediately escalated to the CPL Finance Director, Kevin Li, and the city’s Office of Public Procurement. In a statement to the public, Li said, “We acted quickly to stop further disbursements and to trace the flow of funds.” The CPL then requested that all pending payments be held in a “cold‑store” account while the investigation unfolded.

The investigation involved several stakeholders:

• Ohio Department of Commerce, Division of Business Licensing: The department helped confirm that “Acme Supplies” was a shell entity with no legitimate business operations.
• Bank of America, Cleveland Branch: The bank flagged the suspicious outbound wire transfers and worked with the library’s internal security team to trace the money trail.
• Federal Bureau of Investigation (FBI): Given the cross‑state nature of the fraud, the FBI opened a case under the “Cyber Fraud” docket and was instrumental in coordinating with state prosecutors.

Within two weeks of the audit’s findings, the FBI’s Cleveland field office issued a “payment reversal” request to the bank, which returned 97% of the stolen funds—approximately $383,000. The remaining $12,000, which had been deposited into an account that was closed before the reversal could be executed, remains recoverable under ongoing legal action.

Lessons Learned and New Safeguards

In the wake of the scam, CPL has implemented several new layers of security to prevent a recurrence:

1. Multi‑Factor Authentication for Vendor Portal: Every vendor now requires two forms of identification—something the vendor knows (e.g., login credentials) and something the vendor possesses (e.g., a one‑time code sent to a registered mobile number).

2. Vendor Verification Protocol: Before onboarding a new vendor, the CPL now mandates a triple‑check against the Ohio Department of Commerce’s business registry and a background check for any suspicious flags.

3. Automated Transaction Monitoring: Any payment that deviates from a vendor’s historical spending pattern by more than 20% triggers an automatic hold and requires executive approval.

4. Quarterly Vendor Audits: The finance department will conduct a quarterly audit of all vendor accounts, focusing on any newly added vendors or unusual transactions.

“We’re grateful for the swift action by our partners and the diligence of our own staff,” Ramirez said in a press conference. “This incident has been a wake‑up call for all of us to double down on transparency and accountability.”

Community Impact

CPL’s annual budget for 2025 stands at roughly $45 million, with around 8%—or $3.6 million—allocated for vendor services, community programming, and facility upgrades. The loss of nearly $400,000 represented a significant blow, especially as the library was gearing up for the launch of a new “Digital Innovation Hub” slated for the fall of 2025. The hub will feature a makerspace, coding workshops, and a state‑of‑the‑art research database.

The library’s Board of Trustees expressed gratitude to the city for the rapid recovery and vowed to reallocate any remaining funds to essential services, including staff training and collection expansion. “We do not want this incident to derail our mission,” said Board Chair, Dr. James O’Connor. “We remain committed to serving Cleveland’s readers and learners.”

Looking Ahead

While the recovery of $383,000 is a significant achievement, the case underscores the need for ongoing vigilance. The CPL has partnered with the Cleveland Police Department’s cybercrime unit to conduct a community outreach program aimed at educating small‑business vendors about safe payment practices. Additionally, the library is exploring the use of blockchain‑based vendor payment verification to add an immutable layer of auditability to its transactions.

For more information on the CPL’s financial policies, readers can visit the library’s official website, where a detailed report on the 2025 fiscal year and the vendor payment recovery is available. The Cleveland City Clerk’s Office has also posted a revised procurement guideline that incorporates lessons from this incident, ensuring that future vendor interactions meet heightened security standards.

As Cleveland’s flagship public institution, the CPL’s resilience in the face of this fraud will likely serve as a model for other municipalities grappling with similar threats. The library’s ability to recover most of the lost funds, coupled with its swift policy overhaul, demonstrates that even in an era of sophisticated cyber‑crime, transparency, collaboration, and proactive oversight can prevail.