EY sacks graduate employee after he allegedly accessed Australian PM's bank account
Guardian AU Business
β’Tue, 30 Jun 2026 07:39:57 GMT
π° What Happened
A graduate employee at Ernst & Young (EY) has been sacked after he and another man allegedly accessed Australian Prime Minister Anthony Albanese's personal bank account. Paul Issa, 21, who was an EY graduate on secondment at Commonwealth Bank, was charged with accessing restricted data without authorization and distributing personal data. Phillip Issa, 25, was charged with facilitating unauthorized access to restricted data. The two Sydney men were originally charged on May 6 and appeared before Downing Centre Local Court on Tuesday, where their bail was continued until their next court appearance on August 25. According to Albanese's register of interests, he holds a savings account at Commonwealth Bank and a jointly owned mortgage on a property on the New South Wales Central Coast. EY confirmed that Paul Issa had been terminated from his position following the incident.
π The Backstory
Ernst & Young is one of the 'Big Four' accounting firms, providing audit, tax, and consulting services globally. The firm has a long-standing relationship with Commonwealth Bank, one of Australia's 'Big Four' banks. Secondment arrangements, where consulting firm employees work inside client organizations, are common in the professional services industry but raise questions about data governance and access controls. Australia has strict privacy laws governing financial data, and unauthorized access to personal banking information can carry severe penalties. Incidentally, Prime Minister Anthony Albanese and UK Prime Minister Keir Starmer had recently been compared in a Guardian article, noting parallels in their political trajectories.
π― Why It Matters
This breach raises serious concerns about data security at Australia's largest financial institution and the oversight of employees on secondment from consulting firms. The fact that a graduate employee on secondment could access the Prime Minister's personal financial data highlights potential vulnerabilities in how banks manage privileged access. The case also underscores the reputational risks for both EY and Commonwealth Bank in an era of heightened data privacy scrutiny.
A graduate employee at Ernst & Young (EY) has been sacked after he and another man allegedly accessed Australian Prime Minister Anthony Albanese's personal bank account. Paul Issa, 21, who was an EY graduate on secondment at Commonwealth Bank, was charged with accessing restricted data without authorization and distributing personal data. Phillip Issa, 25, was charged with facilitating unauthorized access to restricted data. The two Sydney men were originally charged on May 6 and appeared before Downing Centre Local Court on Tuesday, where their bail was continued until their next court appearance on August 25. According to Albanese's register of interests, he holds a savings account at Commonwealth Bank and a jointly owned mortgage on a property on the New South Wales Central Coast. EY confirmed that Paul Issa had been terminated from his position following the incident.
Ernst & Young is one of the 'Big Four' accounting firms, providing audit, tax, and consulting services globally. The firm has a long-standing relationship with Commonwealth Bank, one of Australia's 'Big Four' banks. Secondment arrangements, where consulting firm employees work inside client organizations, are common in the professional services industry but raise questions about data governance and access controls. Australia has strict privacy laws governing financial data, and unauthorized access to personal banking information can carry severe penalties. Incidentally, Prime Minister Anthony Albanese and UK Prime Minister Keir Starmer had recently been compared in a Guardian article, noting parallels in their political trajectories.
This breach raises serious concerns about data security at Australia's largest financial institution and the oversight of employees on secondment from consulting firms. The fact that a graduate employee on secondment could access the Prime Minister's personal financial data highlights potential vulnerabilities in how banks manage privileged access. The case also underscores the reputational risks for both EY and Commonwealth Bank in an era of heightened data privacy scrutiny.