A junior employee at Ernst & Young (EY) has been charged in relation to unauthorized access to Australian Prime Minister Anthony Albanese’s banking information while seconded to the Commonwealth Bank of Australia (CBA). The Australian Federal Police (AFP) announced that two men from Sydney face charges linked to the alleged access and dissemination of restricted personal data belonging to a federal parliamentarian.
Paul Issa, 21, who was employed by EY at the time, appeared in a Sydney court facing one count of unauthorized access or modification of restricted data and one count of using a carriage service to publish or distribute personal information. Phillip Issa, 25, who was not an EY employee, was also charged with unauthorized access to restricted data. Both men were released on bail. Following the charges, EY confirmed that Paul Issa is no longer employed by the firm.
The incident came to light after the Commonwealth Bank alerted EY to the alleged data breach. In response, another EY employee was dismissed after an internal investigation. The affected data pertained specifically to Prime Minister Albanese’s banking details, according to a source familiar with the matter. The Prime Minister’s office declined to comment on the situation.
Australia’s Treasurer, Jim Chalmers, described the episode as “incredibly concerning” during a press briefing. EY declined to provide a statement, while Commonwealth Bank stated it was “not appropriate” to comment on individual contractor issues.
This event adds to a series of recent controversies involving major accounting and consulting firms in Australia related to unauthorized use or access of confidential data. KPMG has seen several senior partners, including its chair and CEO, resign after the firm’s failure to properly investigate allegations that senior audit staff accessed sensitive client information to gain competitive advantage. Similarly, PwC replaced its top Australian management three years ago following revelations that a tax partner leaked confidential government information to colleagues for use in securing contracts.
At the time of the breach, the two EY employees were assigned to a technology project at Commonwealth Bank. Both had received training from EY and the bank on data privacy and the proper handling of sensitive information. The AFP investigation remains ongoing.
