Sacked AMP contractor stopped at airport over alleged identity theft
Beleaguered wealth giant AMP has been hit with identity theft after a Chinese contractor stole private customer data before trying to flee the country.
NSW
Don't miss out on the headlines from NSW. Followed categories will be added to My News.
Beleaguered wealth giant AMP has been hit with identity theft after a Chinese contractor stole private customer data before trying to flee the country.
Sacked customer support worker Yi ‘Paulsson’ Zheng sent client information to his personal email in a ploy to commit fraud last October.
MORE NEWS
Music festival cancelled as organisers lash out
Four charged over McDonald’s brawl
School students pushed to read more ‘queer’ books
But the 28-year-old was arrested at Sydney airport as he boarded a China-bound flight with his wife and six-month-old baby on January 17.
Police seized mobile phones, SIM cards, a laptop, and electronic storage devices from his luggage.
The Burwood resident pleaded guilty to possessing identity information with the intention of committing an indictable offence when he fronted Downing Centre Local Court for the first time on Thursday.
The lanky, bespectacled man stood before Magistrate Michael Barko who said he’d abused a position of trust.
Zheng had been working at AMP’s financial advice building on Kent St, Sydney for six months when he downloaded 23 documents belonging to 20 different customers and sent them to his private Gmail account on October 26, agreed facts state.
He mined names, dates of birth, addresses and driver’s licences and passport photos but police don’t know if the victims were targeted or randomly chosen, stating there’s no known links between the individuals.
Detectives began investigating in December after AMP’s cybersecurity staff noticed a system breach when Zheng tried to install TOR — a dark web internet browser — on his work laptop using a USB.
AMP, which is already in damage control amid the fees-for-no-service scandal, says Zheng was working alone and was fired during the company’s initial internal investigation.
In December the financial services company contacted all affected customers, who now have extra security controls in place, while also notifying regulators.
“The data breach involved a very small amount of customer information,” an AMP spokeswoman said.
“We have no evidence this data has been further compromised. We are continuing to monitor this closely.”
But police are unable to speculate on what has happened to the documents since and it is still unclear exactly what Zheng planned to do with them.
Cybercrime Squad Commander Matt Craft said identity information was extremely valuable on the black market and businesses that stored this data must ensure it was protected.
“There’s a lot of damage that can be done,” Detective Superintendent Craft said.
Following his arrest, the Australian resident was ordered to surrender his passport under bail conditions, with police flagging him as a flight risk.
Zheng will be sentenced on March 21.
It comes as AMP replaced the head of its wealth management unit days after the release of the banking royal commission’s final report.
On Thursday Paul Sainsbury, who admitted to Commissioner Kenneth Hayne that AMP had charged thousands of dead superannuation customers for life insurance, announced he would hand over responsibility for the unit to Alex Wade.
The shocking revelation led to the resignation of AMP boss Craig Meller and chair Catherine Brenner last year.