SYDNEY (Reuters) - A Chinese contractor for Australian financial planner AMP Ltd was charged with stealing the confidential data of 20 of its customers, police and the company said on Thursday.
The man, named by authorities as Yi Zheng, 28, pleaded guilty to the offence in a Sydney court on Thursday, the Australian Associated Press reported.
New South Wales state police said they began investigating the breach after AMP’s cybersecurity staff noticed suspicious activity on the company network in December.
The investigation led them to Yi, who had downloaded 23 identity-related documents belonging to 20 customers and sent them to his personal email account, police said.
Yi was arrested as he tried to board a flight to China on Jan. 17, police said, adding that they seized mobile phones, SIM cards, a laptop, and other electronic storage devices from his luggage.
He was charged “with possess identity info to commit indictable offence”, police said, without saying what the man planned to do with the customer information.
“Identity information is an extremely valuable commodity on the black market and dark web, and anyone – whether an individual or business – who stores this data needs to ensure it is protected,” New South Wales Cybercrime Squad Commander, Detective Superintendent Matt Craft, said in a statement.
An AMP spokeswoman said the data breach involved a small amount of customer information and there was no evidence the data was further compromised.
The company had contacted all affected customers, put extra security controls in place for those customers, and notified the relevant regulators.
Yi’s lawyer did not immediately respond to a request for comment.
Reporting by Byron Kaye; Editing by Michael Perry
Our Standards: The Thomson Reuters Trust Principles.