Trumbull County Auditor blames weakened computer security for Bazetta's $100K hack
WARREN, Ohio - As the FBI continues to investigate how computer criminals stole $100,000 in public funds from Bazetta Township, Trumbull County Auditor Martha Yoder blames security measures she says were disabled on the fiscal officer’s computer software.
Yoder responded to earlier criticism that her office lacked a policy that would have prevented turning over the township funds to a “new bank” without approval by the township trustees and fiscal officer.
In a news release issued on Monday, Yoder claims the township’s computer system had been compromised because the Bazetta fiscal officer had IT personnel switch off a multi-factor authentication feature, which would have required more than just a password to access the fiscal officer’s Microsoft Office 365 account.
“Any stored or recently opened documents that contained financial information or information relating to how the processes work were in the hands of the hacker to use as he or she pleased to make documentation look legitimate,” said Yoder. “This was not a phishing or fake email scam.”
According to Yoder, the fiscal officer’s account had been compromised since August 9th, 2024, giving the hacker full access to the officer’s account until at least, September 3.
“Turning off the multifactor authentication removed a vital barrier and opened the door for a hacker to take over the Fiscal Officer’s account and control it, which the hacker did for at least three weeks,” asserts Yoder.
Auditor Yoder suggests that under state law, the fiscal officer should be liable for the stolen funds.
On the other end, Township Trustee Michael Hovis still blames the auditor completely.
"We're gonna find out how many townships in Trumbull County actually use the multi-factor authentification. We're gonna find out that there's not too many of them," Hovis said. "It's just an excuse. It doesn't circumvent that she sent the money to a bank that's not even authorized to do business with any government agency in Ohio. It's a big deal. It's our taxpayer's money," he said.
Yoder tells 21 News that while it's her office's responsibility to make sure any changes made are correct and that it certainly should have been done, she said they acted in good faith because the fraudulent email came from the fiscal officer's account. Yoder said security is the fiscal officer's primary responsibility.
