Thieves stole $107,625 from the University of Central Florida in Orlando by hacking into a vendor’s computers, tricking officials into transmitting money to a different bank account then swamping the school’s email system so it didn’t notice warnings about the fraud, according to a newly released audit.
By the time the university noticed 12 days later that it had been victimized, nearly all the money had vanished. There were no reports of arrests in the case.
A newly released report from Florida’s auditor general spelled out details of the sophisticated theft, which happened in May. Even after the fraud, the auditor said the university was still transmitting payments to vendor bank accounts before they could be verified.
“The university cannot demonstrate that appropriate measures have been taken to reduce the risk of fraud and errors associated with vendor payments,” the auditor general’s report said. The office serves as Florida’s independent auditor under the Legislature.
The university said after the theft that it put new procedures in place to verify when a vendor owes money to ask the school to update its address or bank account. The state auditor looked at 15 such cases and said it found no more examples of thieves trying to trick the school, but it said the university was still sending payments before the new billing information was being verified.