CORPUS CHRISTI, Tx — Nueces County officials provided an update Monday on the cybersecurity attack that has cost the county nearly $2 million, revealing that most funds are expected to be recovered.
Interim County Auditor Constance Sanchez confirmed that the county fell victim to what investigators have determined was a business email compromise scheme involving five separate fraudulent incidents, three of which resulted in financial losses.
The largest transaction of $999,214.12 will be fully recovered with assistance from Frost Bank, the county's depository, Sanchez announced during Monday's press conference. She added it may take up to 120 days before those funds are deposited back into the county's account.
A second significant loss of $937,777.10 remains under investigation, though officials expressed confidence that these funds will also be recovered.
The smallest incident, involving $56,850, has already been fully recovered.
"I'm glad to say that has been recovered," Sanchez said of the initial loss, adding that the county expects to recoup the nearly $1 million transaction as well.
The County Auditor's Office has implemented strict new protocols following the attack. All electronic payments have been suspended, with only paper checks being issued until the investigation concludes. Officials conducted a comprehensive review of all vendors and suppliers who had requested payment method changes during the current fiscal year.
Due to that review, county staff were able to prevent another fraudulent transaction from occurring during their vendor outreach efforts, according to Sanchez
"Going forward, any future changes in payment type method by any vendor or supplier will require in person contact for authentication," Sanchez said
Sheriff JC Hooper, who has been leading the criminal investigation alongside federal partners, confirmed that the FBI remains heavily involved in the case. The investigation, which began about a week before the initial August announcement, focuses on both recovering remaining funds and prosecuting those responsible.
During Monday's press conference, the county said the attacks began in July and involved sophisticated emails that appeared to come from legitimate vendors requesting banking information changes. Unlike a traditional hack, these business email compromise schemes rely on social engineering to trick employees into authorizing fraudulent transactions.
Sanchez also acknowledged that existing safeguards failed during the initial incidents, though she noted that formal written policies were not in place at the time under previous management. The current protocols require staff to contact vendors directly using phone numbers on file, rather than contact information provided in emails, before processing any banking changes.
No disciplinary action has been taken against existing employees, as there was no formal written procedure at the time of the incident, Sanchez said.
County Judge Connie Scott said that Nueces County had taken out cybersecurity insurance in June, just weeks ahead of the first incident in July.
"Everything was in place to help us recover this. We feel fairly certain and really good about recovering completely," Scott said.
The exact amount of insurance coverage and potential reimbursements won't be determined until the investigation concludes and all recovery efforts are finalized, potentially within 120 days.
Officials emphasized that such cyber attacks have become increasingly common nationwide, affecting municipalities and businesses across Texas and beyond. The sophisticated nature of these business email compromise schemes makes them particularly challenging to detect and prevent.
"This is a common occurrence nowadays, unfortunately, in the world that we live in," Judge Scott noted, while praising the county's preparation and response.
