An investigation by Baltimore Inspector General Isabel Mercedes Cumming of an anti-crime program found several fraudulent invoices and evidence that a city employee improperly shared sensitive data.
Both of Cumming’s findings were referred to law enforcement for further investigation.
Cumming’s report, released Tuesday, detailed her investigation of the city’s SideStep program, a pilot initiative run by the Mayor’s Office of Neighborhood Safety and Engagement, or MONSE, from 2022 to 2024. The program paid 15 contractors about $690,000 to provide services to city youth who had low-level interactions with Baltimore Police, aiming to prevent future criminal activity.
A review found that fraudulent invoices were paid by MONSE to two contractors. One contractor, whose identity was not revealed, altered invoices to receive higher payments from the city, Cumming found.
A second contractor, also unnamed, was unable to provide records related to several submitted invoices. The city lost thousands of dollars between the two, Cumming said in her report, although she would not provide an exact figure, citing a possible criminal investigation.
Cumming’s investigation also found evidence that an employee of MONSE shared data detailing the identities of city youth, a violation of a state law that bars the sharing of such information.
In 2023, the unnamed employee forwarded a table containing the identities of 700 youth as well as birth dates and charges filed against them. The employee sent the table to a relative’s personal Gmail account, Cumming said.
In a written response, MONSE Director Stefanie Mavronis said the office began its own audit of invoices related to the SideStep program in the fall. That audit identified one instance in which a contractor did not provide documents needed to reconcile a payment.
“MONSE has initiated the process to recoup these funds from the organization, in partnership with the Law Department,” Mavronis wrote.
Mavronis said the agency also found an instance in which a now-former employee sent data to a relative three years ago. The director called the action “unacceptable” and a violation of MONSE policy and state law.
“In short, the violation appears to be the independent actions of a single individual, rather than a reflection of MONSE’s data management procedures,” Mavronis said. “MONSE and the Law Department are conducting a thorough review to ensure that any relevant data-breach notification requirements are met in the future.”
MONSE records have been at the center of a dispute between Mayor Brandon Scott’s administration and Cumming over the availability of data to the inspector general. In January, Scott’s staff announced they were cutting access to city legal records for Cumming’s team after discovering a member of her staff had “unfettered” access to a city attorney’s documents. The administration argued that the access was a violation of attorney-client and work product privileges.
In February, the Scott administration announced it was further restricting Cumming’s access to a wide swath of documents in response to legal advice it received from an attorney with the Maryland Office of the Attorney General. That advice, requested by a state senator, suggested that interagency requests for records, including subpoenas issued by Cumming, were subject to the Maryland Public Information Act, which bars access to certain records such as personnel and financial information.
Late last month, Cumming took the fight to court and filed a lawsuit seeking to force the city to comply with subpoenas.
Cumming repeatedly referred to the dispute in her most recent report. A timeline outlined instances of the administration withholding records and citing various legal protections. The report’s conclusion noted the city’s Law Department redacted more than 200 financial documents.
“The OIG reiterates that this report clearly shows why oversight and direct access to city records and emails are necessary to identify fraud and prevent liability to the city,” she wrote.
Comments
Welcome to The Banner's subscriber-only commenting community. Please review our community guidelines.