An employee of the Massachusetts Clean Energy Center inadvertently wired around $94,000 in public money to a cybercriminal last year, and the agency waited more than seven months to notify its full board of directors, according to a state audit released on Monday.
State auditor Suzanne Bump said that an unnamed official at the economic development agency had transferred $93,679 in public funds to an account controlled by a scammer in January 2017. According to the audit, the agency detected the theft a few weeks later, but did not inform the board until September 2017. The agency also never filed a formal criminal complaint, Bump found.
The agency ultimately recovered $25,261 of the funds from its bank, but could have recovered more had it reached out to law enforcement, the audit said.
“Most of these funds were not recovered, so the agency was unable to use them to further its mission of promoting clean energy technology, projects, and companies,” the report said.
In a statement, the agency said it had implemented new IT security policies immediately after detecting the theft, including employee training courses and the installation of software that blocks fraudulent websites. MassCEC also pledged to notify its board and law enforcement of possible cyber crimes more quickly in the future.
"With these procedures in place, MassCEC will continue to work diligently to support the state’s vibrant clean energy sector, creating quality jobs and economic activity for the people of Massachusetts while helping the commonwealth meet its ambitious clean energy and climate goals,” the agency said.
MassCEC, whose office is located in downtown Boston, is funded through a renewable energy surcharge that totaled $22.7 million last year. It has around 60 employees.