How Fort Worth IT was scammed, how taxpayers were kept ignorant

Nervous about hackers? Here’s what to do after a data breach

Did you get a notice that says your personal information was exposed in a data breach? Visit IdentityTheft.gov/databreach to learn what you can do to protect your identity.
Up Next
Did you get a notice that says your personal information was exposed in a data breach? Visit IdentityTheft.gov/databreach to learn what you can do to protect your identity.

Fort Worth residents may find miniscule relief in precisely how the city was scammed out of nearly $700,000.

But they should be aghast at the fact that over a dozen city officials — including the mayor and council — sat on that rather striking news for over a year, and that it was made known this week only by the filing of a lawsuit.

The Star-Telegram Thursday broke the news that an alleged scammer, posing as a construction contractor doing business with the city, managed to trick a relatively new employee into routing a $693,625 payment to him in late 2017 — more than the $500,000 initially reported. A suspect has been arrested, and $40,000 has been recovered, a city official says.

In a separate incident, we learned, yet-unknown hackers also managed to reroute the direct-deposit paychecks of six city employees, at a loss of some $16,000.

That city taxpayers and residents were ripped off for nearly $700,000 is something the public might like to know, you would think. But not long after learning about the theft, city staff briefed the council and mayor in a closed session — and for the next year and a half, they all said absolutely nothing to constituents and taxpayers.

It makes you wonder: At what level of lost money would the city think to include the tax-paying public in the news? A million? $5 million?

Here’s a thought for the city: Let us know about the theft of any money. It happens to be ours, after all.

Just as importantly, we need to know if our local government has been defrauded and how. The public has both an interest and a right to know.

In the case of the almost $700,000 theft, it may be of meager comfort to know it wasn’t a hack or electronic vulnerability so much as human error — something to which policies, procedures and training can be, and have been, applied.

Still, the lawsuit — filed by a fired city IT employee — alleges multiple vulnerabilities in the city’s computer infrastructure. It claims employee medical and personal information was viewable for a time by anyone with internet access, and that employees with criminal backgrounds were allowed access to an FBI criminal database.

As far back as last December, Police Chief Joel Fitzgerald expressed his deep concerns that the issues might jeopardize his department’s continued access to the Criminal Justice Information Services database for fingerprint IDs, criminal background checks and other shared law enforcement information vital to a police officer’s job.

Officials note the Texas Department of Public Safety has since audited and approved the city’s system, though the audit is not currently public.

However the allegations in the lawsuit shake out — the fired employee, William Birchett, claims he’s a whistleblower who was fired for going around his supervisors to report vulnerabilities in the city’s computer system — it’s more than troubling that city officials sat on this for over a year without a peep to the public. And that it took a wrongful termination lawsuit to smoke out the fact that we’d been taken for nearly $700,000.

Officials have cited several reasons for the secrecy: a criminal investigation; pursuing the pilfered funds; shoring up security; and avoiding the airing of system vulnerabilities.

None of those reasons, particularly following a suspect’s arrest, excuse this city’s failure to warn its residents and taxpayers of their being cheated out of $700,000.

Excuse residents for feeling cheated again.