SINGAPORE: A former assistant vice president with OCBC Bank was jailed for 10 weeks on Friday (Jan 3) for accessing the information of 396 bank customers without permission.
Au Jia Hao, 39, pleaded guilty to one amalgamated charge under the Computer Misuse Act.
The court heard that Au was employed around Oct 12, 2022, as an assistant vice president in OCBC’s global commercial banking division. His role involved sales support, resolving customer issues and analysing portfolio quality.
Au had access to OCBC’s Silverlake Integrated Banking System and was trained in its acceptable use policy. He also knew he had a duty to maintain the privacy of customer’s data.
However, for more than eight months, from Nov 8, 2022, to Jul 31, 2023, he used the Silverlake system to access the information of 396 bank customers.
The profiles he looked up included local politicians and public figures, influencers, as well as his colleagues, friends and family.
He was able to see their National Registration Identity Card (NRIC) numbers, dates of birth, addresses, contact numbers, bank account balances, and education and employment histories.
Au claimed to look up the information out of curiosity and stress from work. He did not disclose the customer data to anyone else.
The offences were discovered on Aug 16, 2023, when OCBC’s risk and prevention department notified Au’s superior that his Silverlake account had been flagged for accessing the customer profile of a senior bank employee.
When the superior confronted Au, he admitted to having done this.
OCBC terminated Au’s employment on Sep 7, 2023, and made a police report against him later that month.
Deputy Public Prosecutor Colin Ng sought 12 to 16 weeks’ imprisonment. He said Au’s unauthorised access to the data held a large potential for mischief and showed persistent offending.
The risk that Au would distribute the customer data was more substantial as he had looked up political and public figures, and public interest in information related to such high-profile individuals was greater, said the prosecutor.
Mr Ng also pointed out that Au tendered his resignation to OCBC on Jul 27, 2023, but his offences continued until the end of that month.
This went against the defence’s contention that Au’s resignation before investigations started against him in August 2023 was a sign of his remorse, the prosecutor argued.
Defence lawyer Kalidass Murugaiyan asked for four weeks’ imprisonment. Countering the prosecution’s argument on potential harm, he said that there was no evidence Au intended to disseminate the customer information.
He argued that Au suffered from depression and mental health issues that appeared to underlie his conduct. He also said that Au was a first-time offender and a volunteer with the Singapore Red Cross for six years.
In sentencing, District Judge Wong Peck said it was aggravating that Au had accessed the information of 396 customers and abused the trust placed in him as an employee of OCBC.
“Unfortunately, as a bank employee, and some more, you’re an (assistant vice president), this is clearly the wrong thing to do,” she told him.
Unauthorised access to computer data is punishable with a jail term of up to two years, a fine of up to S$5,000, or both.