With the fallout from the final Royal Commission already seeing several executives leave their posts this week, being able to avoid any more scandals would likely have been a fairly high priority. However, those plans did not go so well for AMP as one of their contractors has been charged with stealing identifiable customer data from the bank.
AMP is the largest wealth manager in Australia, and it is known that any data being leaked of who is investing in what could pose massive issues in terms of reliability and the confidentiality of investors.
The man charged was revealed to be a 28-year old Chinese citizen named Yi Zheng, who pleaded guilty in a court in Sydney earlier this week.
Just how safe AMP is as an investment platform will now be a line of questioning to sit uneasily alongside their previous revealed issues such as charging fees when no service was handed out. The Australian Securities and Investments Commission (ASIC) has already been lambasting them over what services they had actually been carrying out, and now they will come under fire for how well they are protecting essential private customer data.
They have already lost several members of the board and senior management team in the last year since news of the Royal Commission inquiry first broke, reflecting a similar scene in many of the other major lenders.
With all that in mind, being able to defend themselves and rebuild their reputation was likely to be a big challenge already in 2019, but with news like this breaking, it will immediately deflate their intent.
Zheng has been charged with stealing 23 different documents relating to 20 AMP customers, where he accessed them off the network and sent them to his own personal email. This triggered a security warning for cybersecurity staff at the bank, who were then able to track it to his email.
The official charge was ‘with possess identity info to commit indictable offence’, which was levied against him upon his arrest as he tried to board a flight to his native China in mid-January. At the time, all of his electronic devices and sim cards were seized.
Although they made no reference to what they thought he planned to do with the data at the time, Matt Craft, the Detective Superintendent said, ‘identity information is an extremely valuable commodity on the black market and dark web, and anyone – whether an individual or business – who stores this data needs to ensure it is protected.’
While it will only seem like a small number of customers compared to bigger data breaches which make international news, the fact that this comes from a wealth management perspective rather than those who simply purchase broadband, means there would have been more potential leverage with the data.
As AMP try and climb out the mire, the fact that this occurred under their watch as recently as December indicates they had not really implemented any better controls even as the commission inquiry was unraveling before them.
This suggests that there may yet be more hurdles they need to clear before they can stake their claim as a reformed bank with a changed culture but, in order to do so, they will have to ensure they can keep out of the headlines in this regard for a little while.