SINGAPORE, Aug 20 — A 26-year-old former employee of the United Overseas Bank (UOB) here was charged on Friday (Aug 20) with illegally accessing the bank’s electronic customer database and disclosing the information of 1,166 customers to scammers.
Between April 6 and 22 this year, Cao Wenqing allegedly used her work-issued laptop to access the information of more than 3,300 customers in the bank’s database and make queries on them.
Cao, a Singapore permanent resident from China, is then said to have given the details of more than 1,100 customers to a purported person representing the “Shanghai police”.
She later lodged a police report claiming she fell prey to a China officials impersonation scam, the police said on Thursday evening.
In May, UOB said the affected customers were Chinese nationals.
Court documents showed that the information released included their names, identification, mobile numbers, nationalities and bank account numbers. Cao purportedly sent these details to someone identified as “Lu” over WhatsApp.
The bank added that the employee was suspended after her actions were uncovered. It also wrote to all of the affected customers and took several precautionary measures to protect them as they may be targeted by scammers.
A Monetary Authority of Singapore spokesperson subsequently said the central bank took a serious view of the customer data breach, and would take action against UOB if its regulatory requirements had been breached or supervisory expectations had not been met.
In a statement on Friday, a UOB spokesperson apologised for the breach and said they had “zero tolerance for any behaviour that breaks the trust our customers place in us”.
Cao has since been fired from the bank.
The spokesperson added: “We acted promptly to protect our customers and to support the authorities in their investigations.
“Upon detection, we stepped up our monitoring of affected accounts and we were in regular contact with customers to ensure their accounts remained secure. Our multi-layer security measures kept the affected customers’ accounts safe from the people behind this scam.”
Cao now faces 16 charges of unauthorised access to computer material under the Computer Misuse Act, and 13 charges of unauthorised disclosure of customer information under the Banking Act.
Those convicted of the first offence can be jailed for up to two years or fined up to S$5,000, or both.
Illegally disclosing customer information can attract a jail term of up to three years or a fine of up to S$125,000, or both.
Cao told the court that she intends to plead guilty but wants to hire a lawyer. She will return to court on Sept 10 and remains out on bail of S$15,000.
The police have listed some precautions that people can take when receiving unsolicited calls such as from scammers.
These include talking to a trusted friend or relative before acting, ignoring such calls and the caller’s instructions, and refraining from giving out any personal information and details over the internet or the phone.
“No local government agency will demand payment through an undocumented medium like a telephone call or other social messaging platforms, demand that you surrender cash to unnamed persons, or ask you for personal banking information such as your internet banking passwords,” the police said. — TODAY