DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

California man pleads guilty to wire fraud for $1 million fraud scheme to steal from his employer

Posted on May 6, 2025 by Dissent

Today’s reminder of the insider threat:

Seattle – A 43-year-old Laguna Niguel, California man pleaded guilty today in U.S. District Court in Seattle to wire fraud for his scheme to steal nearly $1 million from his employer, announced Acting U.S. Attorney Teal Luthy Miller. Paul Joseph Welch was the IT manager of Kent, Washington energy manufacturing company Algas-SDI when he used various schemes to steal more than $950,000 from the company. Welch is scheduled to be sentenced by U.S. District Judge Jamal N. Whitehead on August 21, 2025.

According to records in the case, Welch worked for the company from 2011 to 2024. He was promoted to Information Technology Manager in 2018. As early as 2017, Welch used the company’s Amazon business account to make unauthorized personal purchases from Amazon.com. Between 2017 and 2023, those purchases totaled at least $43,000. Welch primarily purchased electronics such at televisions, laptops and more—all for personal use. In 2019, Welch began using his company credit card for personal purchases through other online retailers such as Apple, Alaska Airlines, Instacart, and BestBuy. Between 2019 and 2024, those unauthorized personal purchases totaled at least an additional $60,000.

The scheme really accelerated in January 2021 when Welch began making payments to himself disguised as payments to a computer services company. Welch created a series of email addresses and payment processor accounts using a business name that was very similar to a legitimate computer services company based in Washington State. Welch then used Algas-SDI company credit cards to pay the computer services company under the guise that the company was providing IT equipment and services to Algas-SDI.  However, the legitimate computer services company had no relationship with Welch and never provided any services or equipment to Algas-SDI. The credit card payments Welch made from Algas-SDI’s credit cards went directly to the payment processor accounts that Welch controlled. Between 2021 and 2024 Welch used this scheme to transfer approximately $879,175 from company accounts to his own accounts.

Algas-SDI tried to verify the legitimacy of Welch’s activity on multiple occasions, but each time, Welch provided false or misleading information to cover up his scheme. Algas-SDI employees asked Welch to submit invoices to substantiate his charges, but Welch emailed phony documents designed to look like invoices from the legitimate computer services company. At one point in 2023, an Algas-SDI accounting employee identified personal purchases on Welch’s company credit card. Welch claimed the charges were inadvertent and said he would repay the company. Welch never repaid the charges and continued to defraud the company through unauthorized personal purchases and more fake vendor charges. In January 2024, alone, Welch submitted phony invoices to Algas-SDI showing that the computer services company had purportedly invoiced Algas-SDI more than $55,000 for equipment and services in that timeframe.

On January 19, 2024, Algas-SDI employees confronted Welch about the charges from the computer services company accounts that Welch controlled. After Welch again told Algas-SDI that the vendor was a real vendor for the company, the company fired him.

The wire fraud charge is representative of the overall scheme. It represents the times Welch emailed the company false statements or invoices purported to be from a legitimate computer services company.

In all, between 2017 and January 2024 Welch secretly made at least 250 fraudulent charges for the third-party vendor he controlled. He made at least 140 unauthorized purchases with retailers using the company credit card and at least 100 fraudulent purchases on the company’s Amazon account. While Welch profited some $950,000 from his theft, the loss to ALGAS-SDI was approximately $982,520 due to various fees on the transactions.

Welch has agreed to make full restitution to the company.

Wire fraud is punishable by up to 20 years in prison and a $250,000 fine. Prosecutors have agreed to recommend no more than 27 months in prison. The actual sentence will be determined by Judge Whitehead after considering the sentencing guidelines and other statutory factors.

The case was investigated by the FBI. The case is being prosecuted by Assistant United States Attorney Dane A. Westermeyer.

Source: U.S. Attorney’s Office, Western District of Washington

Category: Insider

Post navigation

← Negotiations with the Akira ransomware group: an ill-advised approach
Alleged Nomad Bridge Hacker Arrested and Faces US Extradition →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.