Skip to main content

Insider sells client identity information to criminals

Sydney Morning Herald
Date published
November 2017

Relevant impacts: Human impact, reputational impact and business impact

A criminal group coerced a government employee to leak personal information in exchange for cash. The government employee obtained the information from a Department of Human Services' system and sent it by text message to alleged gang members. The criminal group then used the information to assume the identities of innocent people and commit further crimes. The employee pleaded guilty to participating in a criminal group, dealing in identification information and dishonestly receiving a benefit. She was sentenced to 32 months jail.

Related countermeasures

A positive workplace culture can encourage ethical and supportive behaviours while discouraging fraudulent or corrupt activities. Staff will be less able to rationalise fraudulent or corrupt activities where a positive workplace culture exists. A culture built on honesty, transparency and integrity is a key organisational strength that can serve to reduce the risk of fraud. If weak countermeasures are the fuel, a bad culture can be the spark that ignites fraud and corruption.

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Submit a case study

We'd like to hear from you if you have a case study to share.

Submit your case study

Was this page helpful?