A man accused of stealing about $700,000 from the city of Fort Worth through a phishing email scam was sentenced on Wednesday to 12 years in prison.
Judge Scott Wisch on Wednesday sentenced Gbenga Fadipe, who had pleaded guilty to theft of property greater than $300,000, in 372nd District Court.
A fired senior city IT manager alleged in a lawsuit that the city mishandled the Fadipe theft and other security breaches. William Birchett asserted that he was forced out of his job in retaliation for reporting the technology troubles he discovered. The disposition of the lawsuit was not clear on Thursday, although it appeared the case was under consideration in the Court of Appeals for the 5th District of Texas.
In October 2017, the city’s accounts payable department received a change of account request, according to an arrest warrant affidavit supporting Fadipe’s arrest. The request, actually a scam email, used the name of two employees of Imperial Construction. One of the names was legitimate.
The person who wrote the email asked the department to change an electronic deposit from Plains Capital Bank to a Chase Bank account and included a copy of a check with the new account and routing numbers.
Imperial Construction later told authorities that the signature of the legitimate employee referred to in the email had been forged.
“Fort Worth’s Account Payable department made the change of bank accounts with the belief that Imperial Construction had changed banks, according to the documents received,” Fort Worth police Detective David Bell wrote in the affidavit.
Fadipe had access to the new Chase Bank account and began to make a series of withdraws of thousands of dollars in cash from Houston bank machines, Bell wrote.
“If criminals are deciding who to target, and they know Tarrant County judges are giving sentences like this, they may avoid this area in the future,” Tarrant County Criminal District Attorney Sharen Wilson wrote in a statement.
Within two weeks of liquidating all the funds that totaled $693,625.77, Fadipe, 50, flew from the United States to London and Nigeria, the criminal district attorney’s office said. He eventually returned to the United States and was arrested near Houston.
Yussuph Hazeez faces criminal charges in the case in Harris County.
Beyond the financial loss, city employees with criminal convictions were allowed access to a confidential FBI criminal database, according to the lawsuit Birchett filed in May 2019.
Birchett alleged that he was fired in retaliation for reporting to officials that the city’s cybersecurity had been severely compromised, including that the city had lied about its compliance with FBI crime database regulations and had left city employees’ medical and personal information accessible to anyone with internet access.
The lawsuit, filed in Dallas County District Court, describes Birchett reporting his findings and a proposal to fix the problems to Kevin Gunn, the city’s acting chief financial officer, and Roger Wright, its acting chief technology officer.
“Gunn and Wright rejected Birchett’s remediation proposal in part because the expense would have required approval from the City Council and would entail public disclosure of the deficiencies, bad public relations, and accountability questions as to how and why the City’s cybersecurity was 90% non-compliant,” the lawsuit alleges.
When Gunn and Wright would not heed his warnings of non-compliance, Birchett reported the security breaches to law enforcement agencies, including the Texas Department of Public Safety and Fort Worth police, the lawsuit states. In retaliation, he was placed on administrative leave and ultimately fired, it states.
City officials have said that additional safeguards have been implemented to be certain banking information updates are properly reviewed.