Two EY graduate employees on secondment at the Commonwealth Bank have been fired and one has been charged by police after he allegedly accessed the personal bank account information of Prime Minister Anthony Albanese.

Two employees were fired by the consultancy giant over the incident, but only one of them has been charged, along with another individual.

Australian Federal Police confirmed two men – 21-year-old Paul Issa and 25-year-old Phillip Issa – were charged with privacy offences on 6 May for “allegedly accessing restricted personal banking data belonging to a federal parliamentarian”.

Paul Issa is understood to have been a graduate employee at big four consulting firm EY who was seconded at the Commonwealth Bank to work on its technology systems.

The man is believed to have been working from home in Sydney when the alleged offending occurred.

Paul Issa has been charged with accessing restricted data without authorisation and distributing personal data, as well as using a communications device to distribute personal information "in a way that reasonable persons would regard, in all the circumstances, as menacing or harassing towards those individuals”, according to court documents.

Phillip Issa has been charged with facilitating unauthorised access to restricted data.

Both men appeared before Downing Centre local court on Tuesday and were bailed to appear in Newtown Local Court on 25 August.

EY declined to comment.

Albanese has a savings account with the Commonwealth Bank, along with a mortgage for a New South Wales Central Coast property that he co-owns with his wife.

‘Serious issue’, Albanese says

Asked about the incident on ABC News on Wednesday morning, Albanese said it was a “serious issue” and questioned why the EY employee had been able to access the highly personal information.

“It’s before the courts, and I’m not about to go into the detail of that – it’s appropriate charges have been laid,” he said.

“Accessing anyone’s privacy, any Australian’s privacy, is alarming, let alone someone from a contractor who’s not an employee of Commonwealth Bank being able to access that information.”

Treasurer Jim Chalmers said it was a worrying development.

“I think on the face of it, any developments of that kind are incredibly concerning, not just in relation to the PM’s details, but any Australian’s details,” he told the media on Tuesday.

“I assume that there are now legal and other processes to play out and I don’t want to get in the way of those.”


EY is yet to publicly comment on the alleged incident. Image: Shutterstock

Consultancy scandals

There have been a series of scandals involving the big four consultancies in Australia in recent years.

Albanese’s alleged privacy breach comes after EY was earlier this year forced to retract a cybersecurity report when researchers revealed up to three-quarters of the references in it were AI-generated hallucinations.

The report, which was about “cyber threats and fraud in loyalty systems”, was labelled by the researchers as a “collage of misattributions, inaccurate statistics and AI-written text”.

Rival firm KPMG was also recently slapped with a three-month freeze on accessing federal government contracts, following a whistleblower scandal.

Last year Deloitte partially refunded the federal government after it provided a report that featured AI-generated fake references and quotes.

And the Commonwealth Bank earlier this year alerted authorities to a potential fraud scheme that had obtained about $1 billion in illegitimate home loans, including through the use of AI.

The bank was reviewing how many suspicious loans were fraudulently obtained, and reported the case to police.

The bank also recently cut approximately 300 roles, mainly in its tech team, with a reduction in “some standalone support and coordination roles”.