Insider sells client identity information to criminals
Relevant impacts: Human impact, reputational impact and business impact
A criminal group coerced a government employee to leak personal information in exchange for cash. The government employee obtained the information from a Department of Human Services' system and sent it by text message to alleged gang members. The criminal group then used the information to assume the identities of innocent people and commit further crimes. The employee pleaded guilty to participating in a criminal group, dealing in identification information and dishonestly receiving a benefit. She was sentenced to 32 months jail.
A positive workplace culture can encourage ethical and supportive behaviours while discouraging fraudulent or corrupt activities. Staff will be less able to rationalise fraudulent or corrupt activities where a positive workplace culture exists. A culture built on honesty, transparency and integrity is a key organisational strength that can serve to reduce the risk of fraud. If weak countermeasures are the fuel, a bad culture can be the spark that ignites fraud and corruption.
Require and support staff and third parties to self-disclose gifts, benefits, incidents, mistakes and real or perceived conflicts of interest.
Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.
Make sure sensitive or official information cannot leave your entity's network without authority or detection.
Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.
Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.
Submit a case study
We'd like to hear from you if you have a case study to share.