Worker Admits Stealing Customers' Identity Documents
Hot on the heels of being shamed at the Banking Royal Commission, AMP is facing a new scandal, with a former worker admitting he stole customers identity documents.
Yi Zheng, 28, a Chinese National who contracted for AMP in its Sydney office, today pleaded guilty to a charge of possessing identity information to commit an indictable offence.
He’s expected to be sentenced in the Downing Centre Court this afternoon.
Police say Zheng downloaded the personal details and ID documents of 20 customers in December, then forwarded them to his own email account.
AMP’s cybersecurity staff identified the breach and immediately suspended Zheng’s access to the company’s systems.
Detectives were contacted and Zheng was arrested as he tried to board a flight to China on January 17.
In his luggage, investigators seized mobile phones, sim cards, a laptop, and electronic storage devices, which are undergoing forensic examination.
In a statement to 10 News First, AMP thanked the police for their investigation.
“The data breach involved a very small amount of customer information and we have no evidence this data has been further compromised.”
“We are continuing to monitor this closely.”
“AMP contacted all affected customers in December and extra security controls are in place for these customers.”
“We also notified the relevant regulators.”
Police say Zheng stole a total of 23 identity documents, which they suspect he may have intended to sell for profit.
His employment with AMP was immediately suspended when the breach was identified.
AMP copped a public lashing when the Banking Royal Commission heard the financial services company charged thousands of dead superannuation customers ongoing fees for life insurance.
It also faces possible criminal prosecution for misleading ASIC.
AMP’s Chief Executive Officer Craig Meller was the Commission’s first big scalp — quitting his post and apologising to customers.
Detective Superintendent Matt Craft, who runs the NSW Police Cybercrime Squad said Zheng’s case highlights how important it is for businesses to have strong cybersecurity measures.
“Identity information is an extremely valuable commodity on the black market and dark web, and anyone – whether an individual or business – who stores this data needs to ensure it is protected,” Det Supt Craft said in a statement.
“In this case, the company’s systems detected a potential issue, and their expert technical staff immediately took steps to identify what occurred and prevent further breaches.”
“Their proactivity – including the early engagement with the Cybercrime Squad – and ongoing assistance throughout our investigation were key to a successful resolution.”
He'll be sentenced on March 21.