A former AMP contractor has pleaded guilty to illegally downloading customer passport and drivers licence details after he was arrested by NSW Police when trying to fly to China.
Yi "Paulsson" Zheng was charged with possessing identity information to commit an indictable offence after the breach involving 20 customers' documents which were sent as a zip file to his personal Gmail address in Sydney in December.
Court documents state he was employed in May 2018 by AMP as a "Support Officer - File Retrieval and Build".
The 28-year-old Chinese national was required to access and compile the digital documents of up to four customers a day before forwarding them to an AMP financial adviser for further review.
Zheng was arrested as he tried to board a flight home to China with his wife on January 17, NSW Police said on Thursday.
Officers seized mobile phones, SIM cards, a laptop, and electronic storage devices from Zheng and his luggage.
In a recorded police interview, Zheng denied any knowledge of the information on his computer or received by his email account, and said he "was not able to explain how or who could have sent the information".
Detectives began investigating after the company's cybersecurity staff were alerted to a system breach and contacted police.
Police facts state Zheng was busted when a software program called Dtex - that records user behaviour and interactions on work devices - tracked him trying to install the dark web browser TOR onto his work laptop.
He was escorted from the building a few days later after retrieving his AMP-issued laptop from his work locker.
Zheng's lawyer, William Chan, entered a plea of guilty for his client in Downing Centre Local Court on Thursday.
Magistrate Michael Barko asked for a pre-sentence report before adjourning the case to March 21.
AMP says all relevant regulators and affected customers have been contacted and additional cybersecurity systems put in place.
"The data breach involved a very small amount of customer information and we have no evidence this data has been further compromised," the financial services company said in a statement.
Cybercrime squad commander Detective Superintendent Matt Craft praised the "proactivity" of AMP staff in identifying the issue, preventing further breaches and assisting their investigation.
"We don't know exactly what the intent was at that particular time but certainly that information was taken without permission," he told reporters in Sydney.
Det Supt Craft said it was a "textbook example" of how matters of identity protection should be run.
Share
