Australian Treasurer Jim Chalmers said he found recent reports that two temporary Ernst & Young employees allegedly accessed the personal bank details of Prime Minister Anthony Albanese to be deeply worrying. The disclosure, first reported by the Australian Financial Review, said EY had sacked two staff members who are now facing criminal charges related to the alleged access to Albanese’s banking information and that of at least one EY partner.
EY declined to comment on the AFR’s reporting, and the prime minister’s office did not immediately reply to a request for comment. A Commonwealth Bank of Australia spokesperson said it was not appropriate for the bank to comment on individual contractor matters.
Speaking to reporters, Treasurer Chalmers declined to discuss ongoing legal proceedings but stressed the seriousness of the allegations. He said he would not comment on the legal process itself, adding that on its face any such development was "incredibly concerning, not just in relation to the PM’s details but any Australians’ details."
The matter has emerged amid heightened scrutiny of major accounting firms. The AFR noted the revelation at a time when EY’s peer KPMG is dealing with its own audit leak controversy, and when the Big Four have seen a marked decline in new-business revenue from the Australian federal government, which the AFR said fell by almost half last year.
Law enforcement has already taken action. The Australian Federal Police said two Sydney men were charged on May 6 with allegedly accessing restricted personal banking data belonging to a federal parliamentarian. The two accused were described by authorities as aged 21 and 25. According to the AFP, the 21-year-old faces charges of unauthorised access to restricted data and publishing or distributing personal data. The 25-year-old faces a charge of unauthorised access to restricted data, with allegations he intended to cause the access and knew it was unauthorised.
"As the matter is before the court, no further comment will be made," an AFP spokesperson said by email.
Neither the AFP statement nor the court documents named the lawmaker involved. The two accused were granted police bail and ordered to appear in a Sydney court on the Tuesday referenced in the reporting.
The AFR’s reporting, citing unidentified sources, described the technical process that allegedly allowed access. It said the two contractors, while deployed to CBA, would have encountered a system warning requiring them to confirm they were authorised to view a customer’s confidential information; once they affirmed authorisation, the system purportedly granted access to the personal bank details.
The sequence of events — internal contractor access, subsequent dismissal by EY, criminal charges and public comment from senior government figures — has amplified questions about data controls within large professional services firms and the institutions that engage them. Authorities have signalled restraint in public comment while the matter proceeds through the courts.