In October 2017, the city of Fort Worth, Texas became the target of a phishing scam.

Their accounts payable department received an email that appeared to be from Imperial Construction, a that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account.

The scam email prompted the department to change an electronic deposit
from Plains Capital Bank to a different account with Chase Bank. Given the
convincing nature of the email, the request received approval. The city’s
accounts payable department believed that Imperial Construction had simply
changed .

However, this wasn’t the case. Fadipe had planned the to
gain access to city accounts. According to the arrest warrant affidavit, he
withdrew thousands of dollars between November 2017 and January 2018 from the
new account with Chase Bank, severely compromising the of Fort
Worth.

City officials responded, claiming that Fort Worth “had been the
of fraud in late 2017 when, due to human error, a vendor payment was
redirected to a bad actor.” As of now, Tarrant County has charged Fadipe
with theft of property greater than $300,000, though the true cost of the scam
is much higher. The injustice might have ended here, were it not for the events
that transpired shortly afterwards.

Retaliation Against Whistleblowers

Fort Worth’s former IT manager, William Birchett, went to officials
with concerns over the state of their cybersecurity following the attack. He
made several claims, including that the city had left the medical and personal
information of their employees accessible to anyone with access.

Birchett also brought attention to how the city had lied about its
compliance with FBI crime database regulations. He reported his findings and
submitted a proposal to Kevin Gunn, the city’s acting chief financial officer.
Birchett also went to Roger Wright, the city’s acting chief technology officer.

Instead of moving forward with the changes, city officials fired
Birchett in retaliation. They would later fire one of Birchett’s coworkers,
Ronald Burke, who had previously supervised him. Both men have since filed
whistleblower lawsuits against the city, with representation from attorney
Stephen Kennedy.

Burke has also claimed the city retaliated against him for reporting
issues with their cybersecurity and compliance with federal regulations. Like
Birchett, Burke is seeking more than $1
million
from the city of Fort Worth, which is “fully prepared to defend
itself,” according to a recent statement from officials.

Response From Fort Worth Officials

In response to the allegations from Birchett and Burke, city officials
said, “The people who have filed these suits were responsible for managing
the very security items that they are now criticizing…” Officials went
on to say they resolved the problem with their employee data
“immediately,” but this is not the case.

Stephen Kennedy responded to the attempt by city officials to address
the controversy, saying, “The City is not being forthright when it claims that
it ‘immediately’ resolved issues concerning preservation of the City employees’
medical data information, unless your definition of the word immediate means
six months…”

Birchett and Burke have provided additional insight into the city’s
negligence. They allege that they repeatedly reported on problems with Fort
Worth’s cybersecurity and compliance with federal Criminal Justice Information
Services regulations. Despite their efforts, city officials refused to take
action.

The behavior of Kevin Gunn, Robert Wright and other Fort Worth
officials is indicative of a larger problem than the phishing scam
with Imperial Construction
. It shows a pattern of irresponsibility and
neglect that goes back farther than 2017. Even with access to potential
solutions, officials failed to act.

The Importance of Transparency

The decision to retaliate against whistleblowers is often
counterintuitive. In this instance, the city of Forth Worth was attempting to
suppress information, but the firing of Birchett and Burke only brought that
information to the surface. Though city officials tried to ignore the flaws in
their system, they only intensified.

This speaks to the importance of individuals like William Birchett and
Ronald Burke. Without the courage of whistleblowers, an organization with
illicit practices can continue to grow. Even if that organization retaliates, whistleblowers
have protection under the law
and can trust in the
justice system to serve its purpose.

As context, OSHA’s Whistleblower Protection Program enforces the
provisions in more than twenty whistleblower statutes, protecting employees in
the healthcare, airline and food safety industries, among other sectors. In
short, those who come forward with information about a company can expect fair
treatment.

Looking Toward the Future

Gbenga A. Fadipe’s phishing scam revealed far more about the city of Fort Worth than anticipated. What started with a fraudulent email quickly transformed into something else, and now, Birchett and Burke are set to move forward with their individual lawsuits against the city. As the situation unfolds, it will likely have implications outside the state of Texas.

About the author

about paycheck  - thoughtful brick b w cropped - Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues:Security Affairs

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com.

Pierluigi Paganini

(SecurityAffairs – cybersecurity, hacking)






Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here