A technical support employee who sold customer billing information to unauthorised parties has been sentenced to two months and 14 weeks in jail, according to a report by Channel News Asia.
The report stated that Adnan Ahmed Siddiqui, 31, who worked at a call centre in Selangor, was tasked with providing technical support to Singtel customers, a telco based in Singapore.
He joined the call centre in 2014 and had access to a Singtel system which allowed him to view billing details of customers for the past seven years, which included information such as personal particulars, products and services that they had purchased.
In 2017, a colleague told Adnan that there was an “easy way to make money” and all he had to do was send an email to a specific address informing the recipient that he worked for Singtel.
After doing so, Adnan received a reply where a person told him that he will be paid to provide copies of bills belonging to specific account numbers.
He would check up to eight account numbers a month and received about RM1,000 to RM1,200 for doing so.
It was reported that Adnan performed almost 400 unauthorised screenings during a period of four months from July 2017. Some of the accounts targeted included licensed moneylenders and pawn shop businesses.
Later, a colleague and co-accused Mohamed Maher Muhaffel Mustasem asked to be a part of Adnan’s illicit money-making plan.
They came up with a plan where Mohamed Maher would access the system for customer information and Adnan would convert all the details into PDF documents to be sold to an unknown person.
Adnan resigned from his job at the call centre in July 2018 and continued to assist Mohammed Maher with the customer data selling activities.
Their crime came to light when police in Singapore received information that a group of data sellers had sold information on customer call logs to unlicensed moneylenders.
Investigations revealed that the data came from Singtel with Adnan and Mohamed Maher identified as potential suspects.
Criminal Investigation Department (CID) officers from Bukit Aman in Kuala Lumpur arrested Adnan at the airport after a warrant was issued. He was then handed to Singapore’s CID officers.
Adnan pleaded guilty to eight counts under the Computer Misuse Act of unauthorised access to computer material, with another 18 counts taken into consideration.
For each charge, he could be jailed for up to three years, fined up to Sg$10,000 (RM30,525), or both.
A Singtel spokesperson in the report said the company was aware that two former customer care employees at the call centre in Selangor had “accessed phone numbers from some of our enterprise customers’ billing records without authorisation”.
It added that no personal data was compromised to their knowledge and that affected customers were informed.
“Once we became aware of the matter last year, we took immediate action to restrict access to our customers’ data and reinforce security measures,” the spokesperson said to Channel News Asia.