The State of Minnesota lost approximately $90,000 due to the recent phishing scam involving a fake Google Docs app that was distributed to Gmail users, the state's Chief Information Security Officer Christopher Buse said in a statement provided to ABC-owned KSTB. Approximately 2,500 state officials received the problematic email that was trying to convince them to follow a certain link that would lead them to a legitimate Google Login page where they'd be prompted to provide the malicious app with a number of permissions, including access to their emails and contact lists. According to Buse, it took state employees three minutes on average to deal with the widespread phishing scam that the Alphabet-owned company managed to eliminate before it gained more traction in early May. However, those three minutes per employee led to approximately $90,000 in losses for the state of Minnesota, Buse said.
While the methodology used to calculate the aforementioned figure wasn't clarified, the official stated that the majority of the losses were incurred due to the time it took state employees to deal with the phishing scam. The latest data on government employee salaries published by the state of Minnesota in mid-2016 is in line with Buse's claim that implies the phishing scam resulted in 7,500 lost minutes, i.e. 125 lost state employee working hours. The top information security official in the state also said that many employees may have spent much more than three minutes dealing with the scam, but the malicious email didn't lead to more significant damages due to the fact that the majority of government officials in Minnesota don't use Google's services including Gmail and Google Docs to conduct state business.
In a statement issued on Wednesday, the Mountain View-based Internet giant said that the phishing scam has already been dealt with and has affected less than 0.1 percent of all Gmail users, i.e. approximately one million people worldwide. Buse advocated for more funding for cyber security solutions following the incident, adding that this and similar problems need to be addressed "head-on" before they become too big to deal with in a timely manner. While the Alphabet-owned company reportedly eliminated the problematic phishing scam, its full effects are yet to come to light.