HILLIARD, Ohio (WCMH) – A December e-mail phishing scam in Hilliard that resulted in the theft of close to $219,000 is currently being investigated.
According to a press release from the city, Hilliard’s Director of Finance David Delande was fired Monday, and an accounting assistant remains on paid administrative leave in connection with the incident.
The city said the theft was the result of “human error in not following established protocol,” adding the scam did not breach Hilliard’s systems or data.
An accounting assistant with the city received two emails – one each on Dec. 8 and Dec. 19 — from someone pretending to be Strawser Paving Company, a vendor the city works with, according to the press release. The second email convinced the staff member to change the bank routing information Hilliard had for the company, and on Dec. 20, a payment of $218,992.06 was made to that account.
“While taking such actions is part of the standard work of an accounting assistant, in this instance a verification protocol the City has in place was not followed,” the city wrote in the press release.
Between Dec. 28 and Jan. 5, finance department staff found the city had been scammed. On Jan. 6, Hilliard police were contacted by the finance director.
Delande told the city manager about the incident on Jan. 31, 35 days after he became aware of the scam.
“Just some cybercrime and, to be honest with you, we have to be careful because there’s still a lot of other stuff,” said Hilliard City Council Member Les Carrier. “There’s still a lot going on, so we don’t want to interfere with that. But, it was very sad and I think folks have to remember that there’s a lot of people involved and a lot of lives and professionals involved.”
The city has filed a claim with its insurance broker.
“Through the City’s internal and criminal investigations, we are learning exactly what happened and when, and we are committed to finding the criminals who launched this phishing scam,” City Manager Michelle Crandall said in the press release. “We also are performing a thorough review of our Finance Department’s accounts payable protocols, including determining why a required protocol that could have prevented this scam from being successful was not followed.”