MNPS Scammed: How a Hacker Duped Nashville Public Schools Out of $479,000

In a costly cybersecurity failure, Metro Nashville Public Schools (MNPS) unknowingly wired nearly half a million dollars to a cybercriminal posing as one of their contractors. The fallout? A lawsuit, finger-pointing, and a lot of expensive lessons. This is the story of how MNPS was duped and scammed—and what GeckoTech Solutions would have done to stop it.

Quick Recap: What Happened

• MNPS had a standing contract with WEBCON, a Brentwood-based construction firm.
• WEBCON’s Oracle iSupplier Portal account was compromised.
• A hacker impersonated WEBCON, submitted fake invoices, and changed payment info multiple times.
• MNPS wired $479,509 to fraudulent accounts.
• WEBCON claims they’re still owed the money and has filed a WEBCON MNPS lawsuit.
• MNPS denies fault, asserting WEBCON failed to secure their portal access.

MNPS Hacked: The Detailed Timeline

• February 2021: MNPS signs a $5 million contract with WEBCON.
• July 2024: Hacker accesses WEBCON’s account in the MNPS-mandated Oracle portal.
• September 2024: Hacker, posing as WEBCON’s president, submits payment changes via email.
• Wire Transfers Issued: MNPS sends $479,509 to unauthorized accounts.
• October 2024: WEBCON realizes it hasn’t been paid. MNPS reveals documents confirming wire transfers.
• Post-October: WEBCON vs MNPS legal dispute begins in Davidson County Circuit Court.

WEBCON vs MNPS: Who’s at Fault?

Here’s where it gets messy—and why this ended up in court.

WEBCON’s Mistakes

• Didn’t enable Multi-Factor Authentication (MFA) for their portal.
• Missed red flags when their invoices weren’t being paid.
• Didn’t catch account compromise for months.

MNPS’s Mistakes

• Changed payment info multiple times without verbal confirmation.
• Ignored industry-standard vendor verification protocols.
• Relied solely on email for financial operations.

This wasn’t one side’s blunder. Both dropped the ball.

WEBCON MNPS Lawsuit: What’s at Stake?

Bottom line: No one really wins—except the cybercriminal.

How This Should Have Been Prevented

This wasn’t some sophisticated zero-day exploit. This was an old-school con, enabled by bad processes and poor communication.

WEBCON’s Checklist:

• Secure portal access with MFA
• Monitor login activity and receive alerts
• Set up payment reconciliation alerts
• Immediately investigate missed payments

MNPS’s Checklist:

• Never accept banking changes via email without voice/video verification
• Use vendor validation workflows with documented approvals
• Limit the number of account changes per vendor per quarter
• Train all finance personnel on red flag detection

One lunch meeting. One phone call. One fraud policy. That’s all it would’ve taken.

How GeckoTech Solutions Prevents These Attacks

At GeckoTech Solutions, we specialize in protecting businesses just like yours from these preventable, high-cost breaches.

What We Offer:

• MFA and Portal Security Audits: We’ll lock down every login.
• Payment Process Security Protocols: No payment method changes without verification.
• Audit Trail Monitoring: Real-time alerts for any unusual account activity.
• Vendor Fraud Prevention Policies: We’ll help you create a rock-solid internal approval process.
• Cybersecurity Training: Train your team to spot and stop fraud before it happens.

Final Word: Don’t Be the Next Headline

The MNPS hack is a $479,000 reminder that even large institutions can miss the basics. Whether you’re a school district, contractor, or SMB—you cannot afford to trust email alone.

Contact GeckoTech Solutions today and make sure your business doesn’t learn the hard way.  Schedule your FREE network security assessment now.

View the Tennessean Article here.