‘Insider threat’: How an online date led to a ‘systemic’ failures investigation into American Express









John Smith* had just moved to Sydney after more than a decade abroad when he met someone online last summer. Using the dating app Grindr, he started chatting with a man named Tahn Daniel Lee.


Lee was isolating with COVID at the time, so they spoke online for a few weeks before meeting in Sydney’s Surry Hills for a first date – a Japanese dinner followed by Messina ice cream.


The date would be one of many – in a relationship that moved quickly before taking a dark turn, when Smith started to suspect that Lee was monitoring his bank accounts.


The Age and The Sydney Morning Herald can reveal that one of the world’s largest financial companies, American Express, would not only dismiss Smith’s initial complaint without proper investigation, but provide misleading information during an external probe.


A date with Tahn Daniel Lee (left) would trigger an investigation into “systemic” problems at American Express.


It comes as two major ASX-listed companies – Optus and Medibank – have exposed sensitive identification and health information to criminals, starting a national conversation about how best to deal with emerging cyber threats.


Cybersecurity experts say the “insider threat” is a major risk and the Privacy Commissioner’s failure to penalise companies that break the law has created a culture of impunity among corporate Australia.








“Because, what is the recourse?” former Australian Federal Police investigator turned cyber expert Nigel Phair says. “Businesses just aren’t doing the risk management that’s required. The tone starts from the top.”


