Skip to main content

Independent review finds Greenfield police chief's allegations 'unfounded'

By Caitlin Forsha
The Highland County Press

An independent review of allegations of unauthorized access to the Greenfield Police Department's computer network determined that the village “conducted a fair, thorough and complete investigation” of the allegations, while the concerns alleged by the police chief “were ultimately unfounded.” 

An investigation and subsequent nine-page report was prepared by Scott L. Hughes, who serves as the Hamilton Township (Warren County), Ohio Chief of Police and has a 27-year law enforcement career, including as an instructor in the Ohio Peace Officer Training Academy for 24 years.

According to Hughes, he met with Greenfield City Manager Todd Wilkin on June 17 and was “asked to review the administrative reports, miscellaneous information and interviews conducted by the village manager” in response to allegations from Greenfield Police Chief Jimmy Oyer regarding unauthorized access to the police department's computer network. 

The allegations and other concerns were brought out at a June 3 Greenfield Village Council meeting by Oyer and Dispatcher Misty Breakfield.

“After reviewing the information, Mr. Wilkin conducted a fair, thorough and complete investigation into the IT issues presented to the Village Council,” Hughes wrote. 

“Additionally, I don't believe there was improper or illegal access to the Village server(s).”

Later, Hughes added, “It is essential to address the initial inaccuracies that arose during discussions led by Chief Oyer and Ms. Breakfield to clarify any misunderstandings. While their statements were made in good faith, they were later found to be incorrect, leading to confusion within the council and the community. 

"Chief Oyer's concerns about potential felonies and security risks, though severe, were ultimately unfounded.”

Hughes wrote that he reviewed Wilkin’s report to council and Wilkin’s notes regarding his investigation; numerous emails between various stakeholders; transcripts of phone calls; a letter from Sgt. Jay Beatty; audio recordings and Facebook videos from Greenfield Village Council meetings; recorded phone calls between Wilkin and others; independent research online; LEADS (Ohio Law Enforcement Automated Data System), OHLEG (Ohio Law Enforcement Gateway) and CJIS (Criminal Justice Information Services) research; Lexipol and CALEA (Commission on Accreditation for Law Enforcement Agencies) policies and procedures; International Association of Chiefs of Police and Police Executive Research Forum information; and a phone call with Misty Breakfield in reaching his opinion.

Hughes wrote in his report that “During the [June 3] council meeting, Dispatcher Misty Breakfield informed council members that an officer contacted her on Friday, May 31, 2024, that he could not access LEADS. She indicated that she contacted the ‘certified compliant vendor, IT Vendor, Andy,’ and he was told to give passwords to the new ‘non-compliant vendor.’ She further advised the council that VC3 (the new IT provider) has not completed the background checks required by the FBI, etc., and that the city is ‘vulnerable.’ A council member asks her, ‘How did this happen?’ Ms. Breakfield stated, ‘Somebody authorized access to our server.’”

After a discussion among council members and then-Law Director Hannah Bivens, as well as Wilkin and Breakfield, Hughes wrote that “Oyer was asked to speak” and made allegations about “felonies” being committed.

“Chief Oyer indicated that one of his officers was approached and asked to take over the IT Process because he (the chief) ‘was holding the process up,’” Hughes wrote. “He also remarks on being ‘bound under the ORC when someone accesses my system.’ Chief Oyer indicated that while he was on vacation, one of his officers was approached by Mr. Wilkin to take over the process of getting the new IT company onboard. Chief Oyer stated that his officer refused because he (the officer) did not have access to the system. 

“Chief Oyer remarked that his officers ‘are not even on the domain anymore’ and insinuated that felonies have occurred, placing him and Ms. Breakfield at ‘felony risk’.’ He also stated, ‘We could have lost our whole terminal (LEADS) over this’ and an ‘unfunctional PD over this.’ Chief Oyer told the council that he ‘is not [sic] going to let felonies happen and not report this.’ 

“Chief Oyer expands on his concerns that felonies have occurred and that he could be sent to prison for the offenses that have occurred,” Hughes continued. “Law Director Bivens reminds the council that no felonies have occurred. Ms. Bivens informs the council that there is a difference between the Ohio Revised Code and the Ohio Administrative Code. Currently, there is only a Level I violation – no criminal charges. Council members ask to go into executive session regarding the matter, which Ms. Bivens states they cannot.”

After being asked to look into the matter, Wilkin read a prepared statement to council at a June 10 special meeting, which can be read at: https://highlandcountypress.com/news/greenfield-city-manager-addresses-….

As noted in the statement, Wilkin spoke with Ohio BCI and “verified that the problems were not criminal but pertained to administrative compliance. 

“Mr. Wilkin underscored the necessity for Chief Oyer to have directly engaged BCI if concerns about illicit access to a system existed, as prescribed in ORC 2913.04,” Hughes wrote. “He emphasized that no conclusive evidence was furnished during the meeting to substantiate the occurrence of unauthorized access. 

"It was determined that an inadvertently unplugged network cable impeded officers from accessing the system. Additionally, he reported that the hard drive failure of the primary server occurred on the central server and was unrelated to the alleged unauthorized access.”

Hughes wrote that Wilkin noted also speaking with the village’s “IT provider, Andy Kappel, regarding password modifications, distribution of server passwords, and any other server access,” who confirmed “that unauthorized individuals were not present on the server log.”

In addition, as noted by Wilkin in his statement to council, “I never asked Sgt. Beatty to take over the IT process, grant unauthorized access to the server, or grant access for VC3.” 

At the June 10 meeting, council voted 5-0 to hire an independent, third-party IT company to investigate the situation. The village hired Hughes to review Wilkin’s “report and investigation” as presented to council.

According to his report, Hughes confirmed that Wilkin “promptly contacted” Kappel, the IT provider, after the June 3 council meeting and spoke to him for 38 minutes.

“Mr. Kappel assured Mr. Wilkin that he did not know of any unauthorized access to the village servers,” Hughes wrote. “He explained that he had provided passwords to the new IT provider, VC3, as part of standard procedure during a transition between IT companies. Mr. Kappel also clarified that he did not possess LEADS passwords.” 

Wilkin then contacted VC3 the following day, who advised “that their technician had been on-site on May 30 to address server fan problems, a day before officers reported difficulty accessing the system.” Also on June 4, Wilkin spoke to “LEADS security and BCI,” Hughes wrote.

“Ms. Breakfield had already informed LEADS security that an unvetted individual had accessed the system,” according to Hughes’ report. “Mr. Wilkin disclosed to LEADS security that Andy Kappel lacked CJIS compliance and assured them that VC3 was completing necessary background checks. 

“On June 4, Mr. Kappel reiterated to Mr. Wilkin that no one had accessed the police server, contradicting Ms. Breakfield's testimony at the council meeting. The next day, Mr. Wilkin checked with Mr. Kappel again, who reaffirmed that no unauthorized access had occurred.” 

On June 5, BCI verified “that the issue was non-criminal,” and Wilkin “instructed VC3 not to access the police server or enter the server room until they obtained all required background checks and CJIS certifications,” Hughes wrote.

The next day, June 6, Hughes wrote that Breakfield “revealed that GPD Officers Bales and Snavely had reported an inability to access OHLEG due to an unplugged network cable, which was promptly rectified, restoring access. Ms. Breakfield acknowledged the unawareness of Andy Kappel's CJIS non-compliance. She affirmed that LEADS had not been compromised, nor had there been any breach or unauthorized password distribution by Mr. Wilkin.”

Finally, on June 7, Wilkin “convened with stakeholders to reinforce protocols ensuring secure access to the server room,” Hughes wrote. “He also confirmed with LEADS security that GPD operations remained unaffected, and no sanctions were imposed, contingent on VC3 achieving CJIS compliance.” 

Hughes concluded his report with his “analysis, opinions and conclusion,” which said that “Mr. Wilkin's investigation into allegations of improper access to the Village of Greenfield IT servers exemplifies adherence to [the] best practices” set forth by the International Association of Chiefs of Police.

“It is essential to address the initial inaccuracies that arose during discussions led by Chief Oyer and Ms. Breakfield to clarify any misunderstandings,” Hughes wrote. “While their statements were made in good faith, they were later found to be incorrect, leading to confusion within the council and the community. Chief Oyer's concerns about potential felonies and security risks, though severe, were ultimately unfounded. 

“Ms. Breakfield's initial assertions regarding unauthorized access to the village server were similarly scrutinized. Through a thorough investigation by Mr. Wilkin, these claims were identified as misconceptions rather than verified incidents. Furthermore, I had a telephone conversation with Ms. Breakfield, during which she confirmed that the issue stemmed from a ‘misunderstanding’ and a communication breakdown. She also later discovered that the LEADS server, a point of concern, is maintained in a secure and separate location from the village server, which was initially thought to be compromised.”

Hughes pointed out that this “underscores the importance of clear and accurate communication, particularly concerning community trust and security. 

“Addressing these inaccuracies resolves the confusion and reaffirms a commitment to transparency and integrity in the Village of Greenfield operations,” he wrote.

Hughes also credited council for waiting for “Wilkin to complete his investigation” after the June 3 meeting “before taking action, [which] proved to be the best course of action.

“This approach ensured that decisions were based on verified facts and comprehensive findings rather than initial concerns or misunderstandings,” Hughes wrote. “It underscored the importance of following the chain of command and allowing designated officials, like Mr. Wilkin, to lead investigations to their completion without premature intervention. 
 
“Furthermore, this incident highlighted the critical need for clear communication and understanding within organizational settings. The initial lack of accurate information temporarily impeded organizational success and created unnecessary turmoil. Mr. Wilkin's thorough approach not only rectified misunderstandings, but also paved the way for implementing more explicit protocols and preventive measures to enhance future operational integrity."

Hughes concluded his report by reiterating that the entire “incident revolved around a compliance issue” and that “at no point” were the allegations of “losing access to LEADS or OHLEG” actually at risk. He verified as well that the village took the correct “steps … to prevent further issues.

“This review of Mr. Wilkin's investigation into the IT and server issues was based on document examinations and stakeholder interviews, reflecting adherence to established investigative standards,” Hughes said. “It is essential to highlight that this incident revolved around a compliance issue, and no sanctions were imposed. 

“At no point was the Village of Greenfield at risk of losing access to LEADS or OHLEG. The necessary steps have been taken to prevent future issues, ensure secure and compliant operations, and preserve the community’s trust and the integrity of the Village of Greenfield IT systems.”

* * *

••• Publisher's note: A free press is critical to having well-informed voters and citizens. While some news organizations opt for paid websites or costly paywalls, The Highland County Press has maintained a free newspaper and website for the last 25 years for our community. If you would like to contribute to this service, it would be greatly appreciated. Donations may be made to: The Highland County Press, P.O. Box 849, Hillsboro, Ohio 45133. Please include "for website" on the memo line.
 

Comment

Mario Angellio (not verified)

12 July 2024

"We have reached out to our LEADs contact, and he informed us we do not have any violations that he could confirm," Wilkin said. "He could not confirm that we had any unauthorized access. We have requested, and are waiting on a report for all accesses and log-ins to our server."
Where can the alleged report be viewed?
•••••Publisher's note: If you had the guts to use your real name and give me an email address, I will send the full report (it is NOT an "alleged" report) to you – unedited – or you can call the Hamilton Township Chief of Police and request it. It is a public record. Thank you, Miss or Mr. Anonymous.

Sandy (not verified)

12 July 2024

How can I get the full report?
I would very much like to read in it's entirety.
••• Publisher's note: Make a public records request for it.

David Anthony Mayer (not verified)

13 July 2024

Anonymous names lack all credibilty with me. I expanded David A. Mayer to my full legal name, David Anthony Mayer, some time ago. I also have published a valid email address in comments. The only emails (with one exception, an email address not traceable) received were positive and supportive of my viewpoints. And the writers were verified real people per internet searches. One a former elected official in Hillsboro. As to the now investigated false concerns raised in Greenfield, I can only say the taxpayers and citizens should be aware of local agitaters going forward. And vote carefully in the future. IMHO, this was not newsworthy as other recent issues in Highland County. However, I appreciate the effort and time expended by The HCP. Journalistic rabbit holes will still exist. Mayercomments@gmail.com is active for dissenters.

l

Add new comment

This is not for publication.
This is not for publication.

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
Article comments are not posted immediately to the Web site. Each submission must be approved by the Web site editor, who may edit content for appropriateness. There may be a delay of 24-48 hours for any submission while the web site editor reviews and approves it. Note: All information on this form is required. Your telephone number and email address is for our use only, and will not be attached to your comment.