TL;DR
Two Ernst & Young employees have been dismissed following allegations that they accessed Prime Minister Anthony Albanese’s banking information during a breach at Commonwealth Bank. Police have charged one of the men with privacy offences. The incident raises concerns about data security within major firms and banks.
Two employees of Ernst & Young have been dismissed after allegations that they accessed Prime Minister Anthony Albanese’s banking information during a cybersecurity incident at Commonwealth Bank. The Australian Federal Police confirmed that one of the men has been charged with privacy offences related to the incident, marking a significant breach of privacy and security involving a high-profile political figure.
The Australian Federal Police announced in May that they had charged two Sydney men, aged 21 and 25, with accessing restricted data without authorization. The charges stem from an investigation into a cybersecurity breach at Commonwealth Bank, where the bank identified that the two individuals accessed information belonging to Prime Minister Albanese. The younger man, Paul Issa, faces an additional charge for allegedly using a communications device to distribute personal information in a way considered menacing or harassing. Ernst & Young confirmed that both men were employed by the firm at the time of their alleged misconduct and have now been terminated. The company declined to comment further on individual employment matters.
The police have stated that only one of the men has been formally charged, and the investigation is ongoing. The breach involved the access of sensitive banking data linked to a federal politician, raising concerns about privacy protections within major financial and consulting institutions.
Implications for Data Security in Australia
This incident underscores growing concerns over data security within Australia’s banking and professional services sectors. The breach involving a high-ranking politician highlights the potential risks of unauthorized access to personal information, which could be exploited for malicious purposes. The case also raises questions about the effectiveness of internal controls at firms like Ernst & Young and major banks in safeguarding sensitive data from internal threats or breaches.
For the public and policymakers, the event emphasizes the need for stronger privacy safeguards and oversight, especially as cyber threats and insider risks continue to evolve. The breach could lead to increased scrutiny of data handling practices across the financial and consulting industries, with potential regulatory responses aimed at preventing similar incidents in the future.

Secure Web Development & OWASP Top 10: The Definitive Guide: How to Shield Your Apps Against SQL Injection, Data Breaches, and GDPR Fines (For Node.js, PHP, and Java) (Cyber Defense & Hacking)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Recent Data Breaches in Major Firms and Banks
This incident is part of a broader pattern of data security issues involving Australia’s ‘Big 4’ professional services firms and major banks. In 2022, PwC was embroiled in a scandal over misuse of confidential government information, leading to a temporary ban from federal contracts. KPMG faced a scandal over the misuse of client data, prompting a freeze on new government work. These events have heightened awareness of internal risks and the importance of robust data governance.
The Commonwealth Bank breach, which involved accessing Prime Minister Albanese’s banking details, is among several recent cases that reveal vulnerabilities in Australia’s data protection systems. The ongoing investigations and the termination of the employees involved reflect the seriousness with which authorities and firms are treating these security lapses.
“This incident highlights the increasing importance of internal controls and data security within financial institutions and consulting firms.”
— an anonymous researcher

CyberSecurity Monitoring Tools and Projects: A Compendium of Commercial and Government Tools and Government Research Projects
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Details of the Data Breach and Investigation Unclear
It is not yet clear exactly how the two men accessed Albanese’s banking information or the extent of the data involved. While police have charged one individual, the full scope of the breach and whether other personnel were involved remain under investigation. Ernst & Young has not provided detailed comments on the breach or the internal controls in place at the time.
Further details about how the breach occurred and potential security lapses are expected to emerge as investigations continue.

McAfee Total Protection 5-Device | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, Identity Monitoring | 1-Year Subscription with Auto-Renewal | Download
DEVICE SECURITY – Award-winning McAfee antivirus, real-time threat protection, protects your data, phones, laptops, and tablets
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Legal Proceedings and Industry Reforms Likely to Follow
The two men charged are scheduled to appear in Newtown Local Court on August 25, with their cases still pending. Authorities are expected to continue their investigations into the breach, including examining how the data was accessed and whether additional individuals or entities were involved. Ernst & Young has stated it will cooperate with authorities and review its internal security protocols.
Regulatory bodies and industry groups may also respond with new guidelines or oversight measures aimed at preventing similar breaches in the future, especially given the high-profile nature of the data involved.

IOGEAR USB Common Access Card (CAC) Reader – EMV Level 1/ 4.1 Compliant – PC/SC version 1.0/2.0 – Class A, B, and C (5V / 3V / 1.8V) – T0, T1 Protocol – Compatible MS USB-CCID Driver – GSR212
Suitable for applications in government, healthcare, banking, and secure network login . Support EMV Level 1 specification. Designed…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What exactly happened in the data breach involving Albanese?
Two Ernst & Young employees are alleged to have accessed Prime Minister Albanese’s banking information during a Commonwealth Bank breach. One has been charged with privacy offences, but full details of how the breach occurred are still under investigation.
Are the employees still working at Ernst & Young?
No, both employees have been terminated following the allegations and police charges.
What charges have been laid against the individuals involved?
One individual, Paul Issa, faces charges of accessing restricted data without authorization and an additional count related to malicious distribution of personal information. The other individual, Phillip Issa, has been charged with similar offences but is not facing the additional charge.
Will there be any consequences for Ernst & Young?
While Ernst & Young has not commented on specific security lapses, the incident may prompt increased scrutiny and potential reforms within the firm regarding data security and employee conduct.
What does this mean for Australian data privacy laws?
The breach highlights the need for stronger enforcement and possibly new regulations to protect personal information from internal and external threats.
Source: Google Trends