Bazetta kicks back blame to auditor
BAZETTA — Trumbull County Auditor Martha Yoder is defending her office’s role in the transfer of $160,857 in township funds to a fraudulent bank account, blaming Bazetta’s disabled security protocols for the breach in a prepared statement Monday.
In response to Yoder’s Monday remarks, Bazetta Trustee Mike Hovis said Wednesday that the auditor failed to follow state mandated protocols.
On Monday, Yoder stated the fraud could have been prevented if the township’s fiscal officer, Stacy Marling, had not disabled multifactor authentication (MFA) on her Microsoft Office 365 account. Yoder said the lack of MFA allowed hackers to access financial records undetected for nearly three weeks.
“This happened because Yoder’s office transferred taxpayer money to a fraudulent online-only bank without proper verification,” Hovis said Wednesday.
He referenced the Ohio Auditor’s Bulletin 2024-003, which requires in-person or phone verification of bank change requests.
“The loss did not occur because of a lack of multifactor authentication but because Auditor Yoder’s office failed to verify the legitimacy of a bank change request received by email,” Hovis said.
The incident, which occurred between August and September, resulted in township funds being transferred to a Green Dot Bank account posing as Bazetta Township. Yoder defended her office’s actions Monday, saying the emails appeared to come from Marling’s compromised account. She noted that half the stolen funds were recovered after Marling questioned why the township had not received its tax payment.
“This fraud would not have occurred if they had maintained their protections,” Yoder said Monday.
In a statement issued Wednesday, Hovis said Yoder’s office ignored “multiple red flags,” including misspellings in email addresses and incorrect contact information. “Yoder’s employee did not take any action to verify that she was communicating with the Township Fiscal Officer, saying, ‘Just an email from you with the routing and account number would be OK,'” he said.
Yoder released additional comments Wednesday, defending the legitimacy of the bank involved. “Green Dot Bank is registered in Texas and is an FDIC bank. Green Dot is registered with the state to transact business in Ohio,” she stated.
Yoder reiterated her stance that the township’s decision to disable cybersecurity protocols created the conditions for the breach. She added that it remains unclear whether the township has since enabled MFA.
The FBI is investigating the breach, which involved multiple fraudulent transactions over several weeks. Trustees intend to pursue legal action against Yoder’s office to recover the remaining funds, Hovis said.