A former AMP IT contractor has pleaded guilty to stealing the confidential identity information from 20 of the bank’s customers.
Following an investigation by NSW Police, Chinese national Yi Zheng, 28, faced court today in Sydney's Downing Centre charged with possessing identity information with the intent of committing an indictable offence.
He is alleged to have accessed and downloaded “23 identity-rated documents belonging to 20 different customers without authority and sent them to his personal email account”, NSW Police said.
NSW Police said AMP's cyber security staff had picked up on the potential breach and contacted police after “reviewing system activity they deemed to be suspicious”.
Zheng was reportedly a "technology worker” at the bank.
“During the initial internal assessment, the network activity was linked to a contractor – a 28-year-old man – and his access to all systems was blocked and employment suspended,” the police statement said.
It had previously established Strike Force Paunelle consisting on detectives from the Cybercrime Squad in December to investigate reports identity information had been accessed without authorisation.
With the assistance of Australian Border Force officers, Zheng was arrested by detectives on 17 January attempting to board a flight to China. Mobile phones, sim cards, a laptop and storage devices were seized in the process and are undergoing forensic examination.
He is expected to appear for sentencing at Downing Centre Local Court on 21 March, with bail to continue.
In a statement, AMP said the breach had involved a very small number of customers, all of whom had been contacted by the bank in December.
“The data breach involved a very small amount of customer information and we have no evidence this data has been further comprised,” a spokesperson said, adding that “extra security controls” have been introduced for those affected.
“We are continuing to monitor this closely.”
The spokesperson said AMP’s “strong cyber security systems” had alerted the bank to the issue.
“These systems worked effectively in identifying a potential issue and we moved swiftly to protect our customers, alerting NSW Police.
NSW Police Cybercrime Squad Commander detective superintendent, Matt Craft, said the incident highlighted the need for business to have robust cyber security measures in place.
“Identity information is an extremely valuable commodity on the black market and dark web, and anyone – whether an individual or business – who stores this data needs to ensure it is protected,” he said.
“In this case, the company’s systems detected a potential issue, and their expert technical staff immediately took steps to identify what occurred and prevent further breaches.
“Their proactivity – including the early engagement with the Cybercrime Squad – and ongoing assistance throughout our investigation were key to a successful resolution.
Police said investigations under Strike Force Paunelle are continuing.