Cyber Incident Victim: Butte School District No. 1

In May 2022, Butte School District No. 1 fell victim to a business email compromise (BEC) attack that resulted in the loss of $1.1 million. The incident began when district personnel received an email appearing to originate from their primary contractor, Langlas & Associates Inc., which was performing construction work on East Middle School. The fraudulent email requested changing payment methods from checks to direct deposit. Believing the request to be legitimate, district officials processed the payment via wire transfer. Subsequent investigation revealed the email originated from a cybercriminal who had obtained detailed information about the district's operations through unknown means. Upon discovering the theft, school administrators immediately notified the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS). A forensic examination conducted by third-party investigators from the district's insurance provider found no evidence of unauthorized access to the district's financial systems that could have facilitated the fraudulent transaction. Superintendent Judy Jonart emphasized the attack's sophistication, noting both federal investigators and insurance examiners characterized it as highly advanced. The district maintained that its annual internal audits had previously verified adequate financial controls in their transaction approval processes, which required multiple departmental reviews.

The financial impact led to a negotiated $837,500 settlement with Langlas & Associates to ensure subcontractors were paid, funded through interest from metals mine funds, insurance proceeds, and legal allocations without affecting taxpayer resources or student programs. As a direct response, the district implemented a checks-only policy for all vendor payments and mandated annual fraud prevention training for all employees, covering phishing identification, ransomware defense, internet privacy, and cyber incident response. Multi-factor authentication was added to district accounts, aligning with FBI recommendations for BEC protection. The district also enrolled in two free cybersecurity programs: one through DHS's Cybersecurity & Infrastructure Security Agency to identify network vulnerabilities, and another provided by their insurance carrier. A committee comprising the superintendent, IT leadership, HR, and finance directors was formed to customize training modules by job function and integrate cybersecurity into the district safety committee's purview. While no personnel disciplinary actions were publicly disclosed, the district committed to ongoing process reviews with auditors. Recovery efforts included provisions for Langlas to share in any funds recouped beyond the settlement amount if investigators successfully trace the stolen money. The FBI's classification of the incident highlighted BEC as a widespread threat, citing over $2.4 billion in losses reported nationwide in 2021 through similar schemes targeting organizations like school districts and universities.