Baltimore worker stole funds during cyberattack, city watchdog says

A city sanitation worker embezzled as much as $455 by shredding tickets that had to be handwritten when a ransomware attack disabled electronic payments.
garbage truck dumping
(Getty Images)

A Baltimore sanitation worker used a workflow procedure implemented after ransomware attack earlier this year to steal government funds, the city’s inspector general announced last week.

The report published Friday stated that for two days following a May 7 cyberattack that disrupted many municipal functions, including the ability to process electronic and credit-card payments, a cashier for the Baltimore Department of Public Works embezzled as much as $455.73 by shredding tickets for garbage hauls that came through one of the city’s waste-transfer stations.

The ransomware attack, which has been attributed to a virus known as RobbinHood, disabled numerous IT systems across the city government. Many agencies that process payments, including DPW, temporarily developed “manual workarounds,” reverting to pen and paper to log transactions for several weeks.

According to the inspector general’s report, the cashier shredded 16 hand-written tickets for garbage loads brought in by “small haulers” on May 28 and 29. But DPW officials eventually noticed that the cash intake for those days did not accurately reflect the waste station’s logs, prompting an investigation. The Office of the Inspector General said a supervisor at the waste station recovered the 16 shredded tickets and submitted them for review, which pointed investigators to the cashier.


“Based on the time stamp and date and each of the reconstructed tickets, the OIG identified one cashier working at those times and dates,” the report reads. “The investigation found this cashier intentionally failed to record several cash transactions and disposed of intake tickets she received.”

The inspector general was able to confirm two of the garbage drop-offs that were shredded and embezzled. The cashier, whose name has not been disclosed, was fired from DPW and has since pleaded guilty to theft of less than $100.

Although the amount lost to the shredded waste tickets pales to the $18 million Baltimore officials have said the ransomware attack could eventually cost the city, the embezzlement case adds to the incident’s legacy.

A September audit of Baltimore City Information Technology revealed that workers responsible for preserving department performance metrics saved crucial files on local hard drives that were later wiped out by the cyberattack. The attack’s fallout also surfaced reports that Baltimore’s municipal networks relied on outdated hardware and software and that the IT agency had declined to develop a disaster-response plan that its critics said could have prevented the incident or limited the damage, ultimately leading to the ouster of Chief Information Officer Frank Johnson in early October.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts