Auditor: Bullitt lacked proper controls to prevent online theft

Wednesday, September 16, 2009

Emily Hagedorn reports:

Bullitt County [Kentucky] Fiscal Court did not have sufficient online banking controls in place at the time of the June online theft of $415,989, according to a report by the state auditor.

[...]

On June 29, Bullitt officials discovered $415,989 missing from the payroll account; $299,684.92 is yet to be recovered. They believe hackers used a malicious code to steal the county’s username and passwords from a county computer and log on through a county Internet connection.

According to the auditor’s report, the county lacked policies to protect information technology services and had insufficient management and oversight of computer networks.

The county does not have dedicated information technology staff, and instead outsources to two vendors. Also, county staff were not able to identify whether services, such as anti-virus protection or spam filtering software, have been installed or updated regularly, the report said.

Read more on Courier-Journal.com

Original Source: http://www.databreaches.net/?p=7160
Possibly Related Articles:
8667
PCI DSS Breaches
Federal Military Municipal State/County General Legal
Data Loss Legal breaches
Post Rating I Like this!