Auditors for the Port of South Louisiana said the cyber attack led to the money being misappropriated. Port officials have been able to recoup about $250,000 through insurance and are filing paperwork to seek more reimbursement.
The agency has a budget of about $15 million a year.
A new annual audit, which covered the fiscal year ending on April 30, 2022, disclosed the theft last fiscal year but offered few details about what the hack was, when it happened or if any arrests had been made.
But port officials' response to the auditors offered some clue.
Officials told auditors that they were training employees to protect against future attacks and have started "a third-party verification process" for vendors seeking payment that includes "verifying information through a phone call with a representative of the requesting vendor."
Micah Cormier, spokesman for the port, said Wednesday the port would not offer more details on the 2021 attack "because making that information public will make the port vulnerable to another attack."
The port hired Evalv IQ, a firm with expertise in cybersecurity. The company has completed "a cyber audit" that did not turn up "an active or live breach within 2022," Cormier said.
"There were minor network vulnerabilities that have been corrected," he said.
Separately, in September, port officials also announced they have received a nearly $1 million grant from the Federal Emergency Management Agency to improve the state agency's cybersecurity and other security measures.
The grant award wasn't directly related to the cyber attack, Cormier said, but reflected a broader decision to respond seriously to rising security risks.
"This is becoming a bigger threat across the country and the world. This is just for simply locking down our vulnerabilities and hardening our infrastructure here, so we can make it better and prevent it from happening," he said.
The FEMA dollars are expected to beef up not only cyber security technologies and monitoring but also geographical software systems.
With the latter upgrades, the agency's security officials will have up-to-date spatial information on the 54-mile stretch of the Mississippi River overseen by the port. With the port's 25 percent match, the value of combined security spending will top $1.27 million, port officials have said.
The cyber attack on the port was reported to the St. John the Baptist Parish District Attorney's Office and other law enforcement, including the FBI, auditors said
Under federal law enforcement policy, an FBI spokeswoman in New Orleans declined to "confirm or deny the existence of an investigation" into the cyber attack.
Spokespersons for the St. John district attorney and sheriff's offices didn't immediately return calls for comment Wednesday. Auditors said the hackers made off with $420,319 in port funds.
Cyber attacks continue to be a rising threat for businesses, local governments and residents, the FBI has found.
In 2021, an FBI center that receives complaints about internet crime had a record year, with potential losses from complaints exceeding $6.9 billion.
Among the top complaints were ransomware, business e-mail compromise schemes, and the criminal use of cryptocurrency, an FBI report says.
The Port of South Louisiana encompasses the Mississippi in St. Charles, St. John the Baptist and St. James parishes and was the second leading port by tonnage in 2019, the latest data show. The leading commodities are grain and crude oil.
(c)2022 The Advocate, Baton Rouge, La. Distributed by Tribune Content Agency, LLC.