A failure to follow procedures at the Guam Solid Waste Authority (GSWA) may result in the government of Guam losing $267,000.
This revelation was made by Gov. Lou Leon Guerrero in a letter to GSWA board chairman Andrew Gayle dated Oct. 1, 2019.
In the letter, the governor wrote that she is deeply troubled by what she describes as an incident of cyber fraud against GSWA.
“I am informed that in June of this year, responsible personnel at GSWA received fraudulent email correspondence from a third party. It appears that this third party purported to be a regular GSWA vendor scheduled to receive electronic payments from the authority. Upon receiving this fraudulent correspondence, responsible personnel were directed to change the account number and financial institution to which payment were traditionally paid,” the governor wrote.
The change was made at the direction of GSWA, which Leon Guerrero stated was done without the standard person-to-person verification. The amount of the fraudulent transaction reported to authorities is $267,000, money that may not be recovered.
This news comes just months after the Leon Guerrero administration reiterated to the federal court that Guam could manage GSWA.
“And I know that some critics will contend that this example of fraud disproves that contention. To them I would say this: Tricare, the U.S. Department of Veterans Affairs, the Federal office of Personnel Management, and the state departments of Revenue and Taxation for Texas and South Carolina have all been the victims of malicious cyber activities. Like each of these agencies or states, Guam will not be perfect in an imperfect world. But we will acknowledge our shortcomings, hold people responsible and implement a plan to ensure we are prepared for the future,” the governor said.
In response to the incident, the governor wants answers and has directed GSWA to do the following:
* That GSWA conduct an internal review of this incident and its existing financial controls;
* That this internal review determines which controls or personnel failed, holding all responsible parties accountable, and that a Corrective Action Plan be implemented;
* That GSWA and other autonomous agencies adopt secure email protocols and servers, protecting all relevant financial data; and
* That every employee at GSWA authorized to administer financial account undergo basic cyber fraud detection training.