The Montana Department of Agriculture lost more than $344,000 from a person impersonating a grant recipient in an email phishing attack, according to a new report recently released by the Legislative Audit Division.
The incident, which happened in October 2020, was one of two cases turned up by a legislative auditing team as part of a two-year cycle of reviews for the Legislature.
The other incident, which occurred in April 2020, happened when an employee with the Department of Agriculture purchased $1,000 in gift cards in response to a different email phishing attack. That scam was thwarted when the employee became suspicious and notified their supervisor. According to the report, the gift cards were returned for full credit.
However, the state lost $344,271 in the larger phishing scam. It noted that the department was able to stop the first payment to hackers, but not the second, which resulted in the loss.
The Montana Department of Agriculture agreed with the auditors’ findings and agreed to update its financial controls. The department also reported the theft to its chief attorney, the Governor’s Office, and the Department of Administration’s Risk Management and Tort Defense, but it did not notify state auditors.
The Legislative Audit Division reported that the incident was turned over to the state’s insurance carrier.
“We recommend the Department of Agriculture comply with state law by notifying the attorney general and…
