Two Louisiana parish governments have been lately hit by cyberattacks that diverted greater than $1.3 million in public funds, in line with new experiences from the state legislative auditor.

In separate impartial audits, St. Helena Parish Police Jury and St. Charles Parish authorities have been recognized as victims of vendor-payment fraud schemes that exploited weaknesses in native inside controls and cybersecurity.

In St. Helena Parish, auditors reported that $48,348 in American Rescue Plan Act funds was stolen from the police jury’s checking account on Could 10, 2024, after workers acquired a fraudulent e-mail and follow-up telephone name from somebody posing as a legit vendor. The imposter requested that the system the seller makes use of to switch cash be up to date, and supplied a hyperlink within the e-mail. Employees later acquired a telephone name claiming points with the web fee and have been informed to replace the banking particulars earlier than sending the funds.

The fee was made utilizing the altered account data, and the fraud wasn’t found till the true vendor referred to as on Could 13 to say they’d not been paid. An investigation decided police jury workers e-mail accounts had been hacked. The incident was reported to the St. Helena Parish Sheriff’s Workplace, the legislative auditor and the police jury’s financial institution, and a declare was filed with the parish’s insurance coverage service.

Whereas the auditor categorized the incident as theft of public funds, the police jury mentioned it has “absolutely recovered” the $48,348 by way of insurance coverage, that means taxpayers finally didn’t bear the loss. The fraudster has not been recognized, and the audit doesn’t state whether or not any prison expenses are being pursued.

The auditor really useful St. Helena undertake stricter safeguards, together with use of Optimistic Pay, an automatic fraud detection software, to match issued checks and digital transactions. The auditor additionally advised banning funds initiated by way of e-mail hyperlinks and bettering monitoring and updating of firewalls and different safety protections. Parish leaders informed auditors they’re reviewing and strengthening their inside controls, investing in new know-how and rolling out worker coaching to raised shield public funds and knowledge.

St. Helena officers couldn’t be reached for remark.

St. Charles Parish sustained a a lot bigger loss. In response to its impartial audit, the parish was the sufferer of a cyberattack by which certainly one of its third-party distributors was hacked. Info taken from that vendor was then used to vary the seller’s banking data on file with the parish, permitting a fraudulent fee of over $1.26 million to be routed to an unauthorized account.

As of the date of the audit report, the parish had recovered $360,180 from the monetary establishment concerned and $500,000 from its insurance coverage insurance policies — leaving roughly $404,000 nonetheless unrecovered. The auditor mentioned the investigation into the fraud remained energetic, and the perpetrator has not been recognized.

Auditors concluded that St. Charles Parish’s inside controls didn’t detect the fraud in a well timed method and that “there weren’t acceptable controls over adjustments in banking data for distributors,” which allowed the fee to be diverted. Parish officers informed auditors they’ve since adopted new inside management procedures and begun utilizing new software program that requires all distributors to submit their banking data by way of a system that topics them to “rigorous scrutiny” earlier than any funds are made.

St. Charles officers couldn’t be reached for remark.