New findings on a controversial city-run youth diversion program include thousands of dollars worth of fraudulent invoices and a data breach in which more than 700 names – many of them juveniles – were released to the personal email account of a relative of a city employee.

So says the Baltimore Office of the Inspector General (OIG) in the latest disclosure from its ongoing investigation of the Mayor’s Office of Neighborhood Safety and Engagement (MONSE) SideStep Pilot Program.

The synopsis report released today – and the city’s official response – highlight not only improprieties in one of the signature programs of the Brandon Scott administration, but the ongoing battle as the mayor tries to slash the powers of the watchdog OIG.

In the case of the fraudulent invoices, submitted to MONSE for reimbursement, IG Isabel Mercedes Cumming found evidence that community-based organizations working with SideStep were submitting falsified documents.

In two instances, an organization was found to have “altered the original invoices and submitted the altered invoices to receive a larger payment.”

Reaching out to the company listed on another community organization’s invoices, Cumming found that company officials were “only able to verify one of several invoices submitted and had no records to support the other invoices.”

Evidence “supports that several of the invoices submitted are fraudulent, which amount to thousands of dollars,” her report noted.

MONSE Pushback

In its official response,  MONSE said it “is deeply concerned about the allegations” and promised to “take every action available to recoup taxpayer funds.”

But the agency’s main reaction was to push back, complaining that the OIG had not provided it with enough information about “the alleged instances of over billing that MONSE could use to review or address the concern.”

“The report does not include the organization’s name, the specific amount, the specific date, or any corresponding information,” MONSE’s statement continued.

Cumming, who is suing the city over records access after hundreds of pages of SideStep documents she sought were redacted, said she could not comment on the report or the city’s complaint.

(Presumably, fuller details about the fraudulent invoices are part of the referral the report says Cumming made about the matter to “to law enforcement so that a criminal investigation can be conducted.”)

Cumming has decried the Scott administration’s refusal to release MONSE and SideStep documents she requested last year, arguing the premise for redacting more than 200 pages of information, if left unchallenged, essentially neuters her office.

• Baltimore IG Cumming says the Scott administration is blocking her investigations (1/27/26)

Today’s report said Cumming has been able to determine, based on a review of Workday invoices for SideStep, that the city issued approximately $694,798.86 to community-based organizations for the program.

But it also noted “the OIG’s review of the SideStep contractor invoices is ongoing and currently limited due to the redacted information.”

“The OIG reiterates that this report clearly shows why oversight and direct access to city records and emails are necessary to identify fraud and prevent liability to the city,” the report said.

“Gravely concerned”

In the case of the data breach, the city’s response was the same.

Cumming, according to the report, found that a MONSE employee sent “a diversion table containing post-arrest diversions” to an employee’s relative’s gmail account. It included cases from 2018 through September 2022,  with individuals’ dates of birth and charges.

MONSE, in response, said it “is gravely concerned about the potential violation,” but again complained about “the lack of relevant details” in Cumming’s report.

The agency acknowledged that it was able to identify the (now former) employee who sent the 2023 email. It said other staff were not aware the email had been sent.

“While the reason the former employee sent the data is unknown at this time, MONSE has not identified any malicious use of the data or further mishandling related to this singular email,” it continued.

The data breach was also referred by Cumming to law enforcement for criminal investigation.

Today’s report also pointed to failures in data collection and case management by the agency.

A review of 51 participants in the SideStep program, for instance, showed that only 24 had case notes in the system.

MONSE officials told the OIG there were no formal case plans, diversion agreements or records of follow-up contacts, limiting the OIG’s ability to judge the program’s effectiveness.

These gaps in data collection have been red-flagged by the OIG since last year when the office began scrutinizing the program, launched in 2022 in partnership with the Police Department’s Western District.

The program’s goal was to prevent young people between 10 and 17 accused of certain crimes from going through the criminal justice system and instead provide them with alternate programming.

In an October 2025 report, the OIG noted that SideStep’s effectiveness could not be determined by an independent evaluator because of poor record retention by MONSE.

There was evidence, however, the report said, that recidivism rates among participants were higher than reported under MONSE’s six-month performance metric.

Because of “concern surrounding the upcoming expansion of the program,” Cumming said then that her office would be “continuing the investigation and will provide a full report at its conclusion, with recommendations.”

Unique Access to Juvenile Records

Given the apparent illegal release of juvenile records, it’s striking to learn from today’s report that MONSE, whose unique ability to obtain juvenile records expired last year, is seeking to get the privilege back, offering the following reasons:

The Mayor’s Office of Criminal Justice (MOCJ) was allowed to access juvenile records due to a 2019 bill that named MOCJ as an exception (carve-out exception) to the State of Maryland law regarding the Confidentiality of Juvenile Records. No other local municipal government is listed in the carve-out exception.

In December 2020, the City replaced MOCJ as a City agency with MONSE, but the law was never changed to reflect the agency change. MONSE continued to access juvenile records based on the carve-out exception in the law during the SideStep program.

The legislation was in effect until September 30, 2025. As of October 1, 2025, MONSE’s access to juvenile records ceased.

The Mayor has requested this carve-out exception be added back to the law. The Mayor has also requested two other mayoral offices to be added to the carve-out. The two offices are the Mayor’s Office of Children and Family Success (MOCFS) and the Mayor’s Office of African American Male Engagement (MOAAME).

The legislation does not make clear how MOCFS and MOAME would use the juvenile records as part of their programs.

The Mayor’s 2026 legislative priorities plan states the reinstatement of juvenile records access “is essential for MONSE’s SideStep diversion program as well as additional youth-focused services.

During February 26, 2026, State of Maryland House of Delegates Committee session for the new legislation, MONSE Director Stefanie Mavronis testified on behalf of the legislation.