A former AMP contractor has pleaded guilty over illegally accessing personal details of customers in Sydney, including drivers’ licences and passports.
The financial services company contacted police after IT staff identified suspicious activity on one of its computer systems at the end of last year.
The breach was linked to a 28-year-old contractor, who was later suspended from work and had his access to customer databases blocked.
Chinese national Yi Zheng faced court accused of downloading documents belonging to 23 AMP customers and sending them to his personal email account.
Police said the documents were taken with the intention of committing fraud.
It is alleged that in October 2018, Zheng placed the information into a file on his personal laptop, which he then emailed to a Gmail account, police documents say.
In December, he tried to install a Dark Web or TOR internet browser on his laptop using a USB, which alerted AMP’s cyber security staff.
Four days later, when Zheng retrieved his laptop from his work locker, his supervisor took it from him and he was escorted from the building.
On January 17, he was arrested by police and the Australian Border Force at Sydney International Airport, as he was about to board a flight to China with his wife and child.
Authorities searched his luggage and seized mobile phones, SIM cards, a laptop and electronic storage devices, which have been sent away for forensic examination.
Zheng was taken to Mascot Police Station and was charged with possessing identity information to commit an indictable offence.
He denied any knowledge of the information on his personal work computer or of it being sent to his personal Gmail account, during an interview with police.
But he was not able to explain how or who could have sent the information.
‘No evidence data has been compromised’
AMP has been working with NSW Police and said it had strong cybersecurity systems in place to protect customer data.
“These systems worked effectively in identifying a potential issue and we moved swiftly to protect our customers, alerting NSW Police,” the company said in a statement.
“The data breach involved a very small amount of customer information and we have no evidence this data has been further compromised. We are continuing to monitor this closely.”
In Downing Centre Local Court on Thursday, Zheng’s lawyer William Chan entered a plea of guilty and said the matter was ready to proceed to sentence.
He was granted bail on the condition he hand over his passport.
AMP contacted all affected customers in December and said extra security controls were in place for them.
It also notified the relevant regulators.
AMP has been in damage control since the banking royal commission heard claims some customers were charged for advice they never received, and in some cases, even after they died.
The shocking revelations led to the first major scalp with the resignation of AMP boss Craig Meller in April last year.