Nueces County officials announced on Oct. 15 that they have recovered the remainder of about $2 million in taxpayer funds that were lost in an email phishing scam that impacted the Nueces County Courthouse over the summer.
By working with the county’s depository, Frost Bank, the county recouped $1.94 million that officials said was misdirected in five separate instances of email phishing attacks that struck the courthouse in July.
“We would like to thank our bank depository, Frost Bank, for their swift actions in helping us recover the funds so quickly,” a news release from the county read. “While this was an
unfortunate incident, Nueces County has since tightened our internal controls and policies regarding such incidents from occurring.
“We are doing everything in our power to prevent this from happening again,” the news release said.
Nueces County interim Auditor Constance Sanchez said in a news conference on Sept. 8 that officials had recovered $56,850 lost in the first
instance.
The latest announcement concerns two instances involving larger transactions for $999,214.12 and $937,777.10.
Sanchez said during the Nueces County Commissioners Court meeting on Oct. 8 that the county employees who were responsible for the loss of money are no longer employed by the county.
A forensic
investigation of the cybersecurity attack continues.
The Nueces County Sheriff’s Office began investigating the email phishing attack based on a tip from an individual in the county’s Risk Management Office, the Caller-Times previously reported.
The Nueces County risk manager could not be reached for comment on Oct. 15.
County officials became aware
of the cybersecurity attack in late August after a fraudulent email caused a single check to be transferred from a county department to a bank, Sanchez told reporters on Sept. 8.
During the examination, officials uncovered that the attack resulted in a substantially larger amount of money than the $58,000 that they first suspected had been lost.
Nueces County
Commissioners voted on Sept. 10 to approve emergency contracts with three cybersecurity companies to conduct the forensic investigation of the incident.
The county temporarily stopped wire transfers for payments, with the exception of payroll, to avoid further potential fraud. The commissioners voted Oct. 8 to resume wire transfers. Commissioner Brent Chesney was the sole commissioner who voted against the motion, expressing concern
about the risk of future scams.
The Caller-Times requested email communications from auditing staff and related records about the phishing scam and was unable to obtain those records.
The Nueces County Auditor’s Office stated that it wished to withhold a portion of the requested information, citing the confidentiality of cybersecurity measures, according to a letter from the
Nueces County Attorney’s Office sent on Sept. 24.
More: Law enforcement investigating phishing scam that affected Nueces County departments