Insider sells client identity information to criminals
Date published: November 2017
Relevant impacts: Human impact, reputational impact and business impact
A criminal group coerced a government employee to leak personal information in exchange for cash. The government employee obtained the information from a Department of Human Services' system and sent it by text message to alleged gang members. The criminal group then used the information to assume the identities of innocent people and commit further crimes. The employee pleaded guilty to participating in a criminal group, dealing in identification information and dishonestly receiving a benefit. She was sentenced to 32 months jail.
Related countermeasures
A positive workplace culture can encourage ethical and supportive behaviours while discouraging fraudulent or corrupt activities. Staff will be less able to rationalise fraudulent or corrupt activities where a positive workplace culture exists. A culture built on honesty, transparency and integrity is a key organisational strength that can serve to reduce the risk of fraud. If weak countermeasures are the fuel, a bad culture can be the spark that ignites fraud and corruption.
Require and support staff and third parties to self-disclose gifts, benefits, incidents, mistakes and real or perceived conflicts of interest.
Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.
Limit access to sensitive information and records.
Personal and government information is highly sought after by fraudsters and organised criminals. The way data is collected and stored can also change the scale and impact of a potential breach.
To better protect personal information, the minimal data required for a transaction should be collected, used and retained.
Make sure sensitive or official information cannot leave your entity's network without authority or detection.
Fraud detection software programs automatically analyse data to detect anything that differs from what is standard, normal or expected and that may indicate fraud or corruption.
Audit logs are system-generated trails of staff, client or third-party interactions that help with fraud investigations.