By Wood Alter. As many residents may have heard, CPNO was the victim of fraud last fall. First and foremost: as of the time of this publication, all funds stolen from CPNO have been made whole by Chase Bank. This article serves to document the events and detail the changes made by CPNO to minimize the risk of fraud of this nature from occurring again in the future.
On September 19, 2025, three illegitimate payments were issued from CPNO’s account to three separate organizations, all to same vendor named Vitaly Zalupin. $9,000 was sent to Sandberg Garage, $9,000 was sent to Stewart & Rose Repair, and $6197.87 was sent to Get ‘Er Done Construction for a total of $24,197.87 stolen from CPNO. Each transaction fell below the $10,000 threshold that would have triggered an automatic review by Chase Bank. Given the glut of activity leading up to Fall Fest 2025, the transactions flew under the radar. As soon as the transactions were identified as fraudulent, Chase Bank was notified and began their investigation. On November 13, 2025, Chase refunded the total amount stolen.
The nature of the fraud was determined to be Automated Clearing House (ACH) fraud. ACH fraud may be committed by someone stealing banking credentials or by someone acquiring a paper check that contains the necessary routing and account info, among other methods. CPNO does not know the exact cause of the fraud, as it’s possible the information necessary was gained illegitimately any number of ways: a vendor that had taken a picture of a paper check getting their photos hacked; an email account that sent sensitive information in the past that was part of a data breach; an old check incorrectly disposed of by a vendor that was collected from the garbage – all possibilities, and all outside the control of CPNO. Given that Chase Bank has not provided details of the results of their investigation, it is likely the residents of Candler Park will never know exactly what happened.
That said, CPNO has instituted new policies to prevent ACH fraud moving forward. The Chase Bank account connected to the fraud has been closed, and all funds have been transferred to a new account. Alerts are now generated on transactions that exceed a much lower threshold to ensure earlier detection should an issue arise. Electronic transactions require multi-factor authentication, and only the treasurer has payment authority. No paper checks have been printed for the new account, and the only paper checks that will ever be issued will be sent directly from Chase Bank to the recipients, at which point the check must be verified upon receipt by the treasurer in order for payment to be disbursed.
This experience was stressful for all involved, and as a community we are grateful that all stolen funds have been reimbursed. Our processes had been unchanged for decades, so the fraud served as an opportunity to reevaluate how transactions were handled and update the way CPNO does business to protect it more going forward. We thank the dedication of all individuals involved in bringing this issue to light and ensuring we were made whole, especially the CPNO and Fall Fest Treasurers.