NewsBite

Slater & Gordon warned payroll manager Bridgett Maddox behind email attack, documents reveal

Slater & Gordon was told within half an hour of becoming the victim of a malicious email attack that the culprit might be its former payroll manager Bridgett Maddox, a convicted fraudster, according to documents filed in a lawsuit against the firm.

Slater & Gordon chief executive Dina Tutungi, left, and former interim chief people officer Mari Ruiz-Matthyssen
Slater & Gordon chief executive Dina Tutungi, left, and former interim chief people officer Mari Ruiz-Matthyssen

Convicted fraudster and former Slater & Gordon payroll manager Bridgett Maddox told the woman responsible for sacking her that it brought her “glee” to see her impersonated as the author of an email targeting the firm and revealing the salary information of 900 employees, according to new court documents.

Former interim chief people officer Mari Ruiz-Matthyssen, who was falsely accused of sending the “malicious” all-staff email, on Wednesday filed legal action against the firm in which she claims she told chief executive Dina Tutungi within half an hour of the email being sent that she suspected Ms Maddox was behind it.

In the week after the email wreaked havoc within the firm, Ms Ruiz-Matthyssen claims she received a text message from Ms Maddox – who the firm had already identified as having “a criminal mind” – taking joy in the unfolding saga, and warning her to “keep my name out of your mouth”.

Former Slater + Gordon employee, and convicted fraudster Bridgett Maddox. Picture: Liam Mendes / The Australian
Former Slater + Gordon employee, and convicted fraudster Bridgett Maddox. Picture: Liam Mendes / The Australian

BlackBay Lawyers solicitor Monica Allen, acting for Ms Ruiz-Matthyssen, said Slater & Gordon’s response to the incident had been “deeply flawed”.

“As a result, our client has endured significant and ongoing personal and professional harm,” she said in a statement.

“Today Ms Ruiz-Matthyssen has commenced proceedings in the Victorian Supreme Court and we are resolute in our commitment to ensuring Slater & Gordon are held accountable for their actions – and inactions.”

In a writ filed with the ­Supreme Court of Victoria, Ms Ruiz-Matthyssen is claiming negligence by Slater & Gordon for failing to take protective steps “in light of known risks arising from the conduct and prior systems ­access of Maddox”.

Dina Tutungi, CEO of Slater & Gordon Lawyers. Picture: LinkedIn
Dina Tutungi, CEO of Slater & Gordon Lawyers. Picture: LinkedIn

Ms Ruiz-Matthyssen had been instrumental in sacking Ms Maddox after the payroll manager was suspended and investigated over the improper handling of a $200 gift voucher.

Ms Ruiz-Matthyssen alleges that four days after the explosive email dropped at the law firm, Ms Maddox sent her a text message saying: “It brings me an amount of glee to see you being accused of something you most likely didn’t do, given what you did to me … I suggest – no actually I warn you – keep my name out of your mouth.”

Ms Maddox – under the name Bridgett Jones – has a lengthy history of fraud and theft, which culminated in her spending two years in prison from 2017 to 2019 for stealing more than $300,000 from her employers.

Ms Ruiz-Matthyssen says she was unaware of Ms Maddox’s criminal history when she led the disciplinary process that ended in Ms Maddox’s suspension in ­November last year.

On February 21 this year, the hoax email was sent to all of Slater & Gordon’s 900 staff, purportedly by Ms Ruiz-Matthyssen from a personal Gmail account. However, the metadata of the attached Excel salary spreadsheet identified “Bridgett” as the creator of the document.

The author of the email ­appeared to have inside information about private dinners at the home of Ms Tutungi, illnesses suffered by staff, rivalries between named ­individuals, investigations into cases of inappropriate conduct, planned redundancies and even gossip about which board member “they will ditch this year”.

According to the writ, Ms Ruiz-Matthyssen became aware in October last year that Ms Maddox had improperly allocated herself a $200 voucher for gift card provider Prezzee.

Ms Ruiz-Matthyssen, who was only ever required to “interact with Ms Maddox in relation to operational and personnel matters”, was tasked with overseeing the firm’s response to her conduct.

After escalating the matter to Ms Tutungi, Ms Ruiz-Matthyssen was referred to the firm’s external counsel, Steve Palmer.

“In the course of managing Maddox’s suspension and pending investigation, Mr Palmer stated to (Ms Ruiz-Matthyssen) words to the effect of ‘Let’s just say Bridgett has a criminal mind … it’s best for you not to know’,” the writ reads.

Ms Maddox’s criminal offending began in 2006 when she was charged with theft while working as a Pizza Hut call centre employee. Having obtained credit card details that were not hers, she used them to fraudulently obtain money. She was put on a good ­behaviour bond.

In July 2014, she was placed on a suspended sentence for using multiple American Express credit cards provided by her company at retail and fashion stores. She was ordered to pay $11,288 back to her employer after 66 charges were laid against her.

Just months later, she breached the suspended sentence while working at Melbourne flooring company, Premium Floors.

She was caught stealing more than $240,000 from the company by depositing money from its CommBank account to her credit card, using corporate cards in the name of her colleagues for personal gain and creating false accounting documentation.

Bridgett Maddox, left
Bridgett Maddox, left

In September 2018, Ms Maddox – again operating under the name Bridgett Jones – was handed a further one-year prison term for stealing $87,000 and using forged pay slips to obtain a $900,000 mortgage while working in payroll at Ultro Construction and Recruitment.

She was released from prison in 2019, and started work with Slater & Gordon in 2022.

In the writ, Ms Ruiz-Matthyssen says she was unaware of the full extent of Ms Maddox’s criminal history when investigating the voucher theft allegations.

Ms Maddox was suspended from her duties on November 4 last year, and Ms Ruiz-Matthyssen was required to “manage that process and lead communications regarding the suspension”.

The following day, Ms Ruiz-Matthyssen claims Slater & Gordon became aware “that a two-factor verification code for an Adobe account had been sent to both Maddox’s firm-issued and personal Gmail accounts”. The chief information officer, according to the writ, reported internally that it could not be confirmed if Ms Maddox had uploaded confidential information to Adobe.

Ms Maddox was terminated from Slater & Gordon in early December 2024, the writ says. Shortly after, she commenced legal action against the firm, alleging unlawful conduct by Ms Ruiz-Matthyssen.

Ms Ruiz-Matthyssen alleges Slater & Gordon was aware that Ms Maddox had made formal complaints against her, and that concerns had been raised about Ms Maddox’s “access to and use of confidential data during the disciplinary period”.

She claims Ms Tutungi had “personally accessed and reviewed Maddox’s internal emails”. Ms Maddox “had exhibited personal hostility toward (Ms Ruiz-Matthyssen) following her termination,” the writ says.

On February 21, Ms Ruiz-Matthyssen was working from home when, at about 9.50am, she was contacted by a colleague asking whether she had intentionally sent an all-staff email criticising various senior Slater & Gordon executives and exposing the pay information of 906 employees.

It was Ms Ruiz-Matthyssen’s final day at the firm. She claims that about 10 minutes later she received a phone call from Ms Tutungi telling her she had sent “a disgusting email” before saying she “had to go” and hanging up the phone. This was despite Ms Ruiz-Matthyssen telling her she had not authored or sent the email.

Ms Ruiz-Matthyssen says she tried to contact other members of the executive team, before receiving another call from Ms Tutungi, in which she denied any involvement with the email.

She claims she told Ms Tutungi that, in her view, “the language used in the email and the contents of the attached payroll spreadsheet suggested that the author may have been Maddox”.

She noted the payroll data “appeared current to November 2024” which was when Ms Maddox still had access to the firm’s ­remuneration systems.

Ms Ruiz-Matthyssen claims she told Ms Tutungi about 11am that she planned to report the matter to police, but the chief executive told her to hold off until an emergency board meeting could be convened. By 1pm, she was receiving inquiries from journalists.

“At that time, the defendant had not issued any public statement addressing the matter and the plaintiff had not received any guidance, support, or communication from the defendant concerning the incident or its implications for her,” the writ reads.

At about 1.10pm, Ms Ruiz-Matthyssen says, she was contacted by board member Stella Thredgold who had appointed her “point of contact” and “support” for the matter. She says she told Ms Thredgold she did not feel ­supported by the firm.

Two minutes later, Ms Tutungi sent an all-staff email saying a ­distressing email had been sent around, which contained in­accurate, defamatory and false ­information.

“No reference was made in the 1.12pm email to (Ms Ruiz-Matthyssen’s) denial of authorship or to her co-operation with (Slater & Gordon) in addressing the incident,” the writ reads.

At about 3.42pm, Ms Ruiz-Matthyssen says, she received a draft media statement from Ms Thredgold, which said the “purported author of the email” had informed the firm she did not send it, that the contents of the email didn’t reflect her views, and that she had planned to refer the ­matter to police.

Ms Ruiz-Matthyssen claims she responded to the statement requesting that it be amended to read: ‘The Interim Chief People Officer is not the author or sender of that email, nor is that email address attributed to her.”

She says she did not receive a final copy of the statement, nor was she advised on whether her change was adopted.

“At no time on 21 February 2025, did (Slater & Gordon) issue any clear or unequivocal public statement affirming that (Ms Ruiz-Matthyssen) was not the author of the email; exonerate (Ms Ruiz-Matthyssen) in internal communications or provide reassurance to its employees regarding her noninvolvement; or offer (Ms Ruiz-Matthyssen) reputational support, welfare assistance, or direct contact from any senior representative in the immediate aftermath of the incident,” the writ reads.

The writ says as a result of Slater & Gordon’s breach of contract and negligence, Ms Ruiz-Matthyssen has sustained “reputational harm”, psychiatric distress, loss of income, and her offer to become Chief People and Culture Officer at Hume Bank was withdrawn.

Slater & Gordon “failed to issue any clear or timely statement” affirming she was not the author of the email, she claims, and “failed to take protective steps in light of known risks arising from the conduct and prior system access of Maddox”.

A Slater & Gordon spokesperson said the firm “has made clear in its public statements on this matter that Ms Ruiz-Matthyssen was not the author or sender of this malicious email”.

“As this matter is before the courts, it’s not appropriate to comment further,” the spokesperson said.

Ms Maddox has been contacted for comment.

Original URL: https://www.theaustralian.com.au/business/legal-affairs/slater-gordon-warned-payroll-manager-bridgett-maddox-behind-email-attack-documents-reveal/news-story/3f960515780de5672246e6af5da706f8