Thomas Meston, CFO for Fortelus Capital Management LLP in London, lost his job on Friday, June 3rd after a phone conversation. The caller, who dialed the CFO late in the work day, claimed to be from the bank the hedge fund uses. He told Meston that the bank had noticed fraudulent activity on the account. Ultimately, Meston gave the caller security information to cancel 15 suspect payments. On Monday, Thomas Meston checked the firm’s bank account and saw that $1.2 million was missing from the bank, part of the Royal Bank of Scotland Group PLC, and nobody from the bank had made a call to Meson on Friday. After the unfortunate finding, Thomas Meston was released from the firm and now faces a breach of duty lawsuit.
The case illustrates how vital cybersecurity awareness and protection is for any company today, and CFOs are only one of many targets. The hedge fund’s lawyer has indicated that none of their client’s assets have been affected and that the company does have strong fraud policies in place.
As part of the termination, Meston is agreeing to relinquish 136,600 pounds worth of salary and bonus payments. In the incident, the only way the fraud could have been prevented is if Meston had taken the time to hang up and call the bank for confirmation rather than trusting the individual on the other side of the phone. According to Bloomberg, Meston believed that the caller was preventing fraud by notifying the firm, not a party to fraud. Court filings indicate that Thomas Meston’s reactions under the circumstances were normal and reasonable, and therefore not a breach of duty.
Some cyber security professionals believe that security practices are a c-suite level issue. Unverified human interaction can easily become a threat to a company’s private information and assets, especially when executives fail to confirm sources over the phone.
Fortelus Capital Management LLP was founded in 2007. The private equity firm specializes in restructuring, special situations, and turnarounds. They also have historically managed private hedge funds for clients and invest in European based companies. The company is registered in the US as of June 2014, and they are not currently active in UK related investment activities.