Two EY Staffers, 21 & 25, Face Criminal Charges for Accessing PM’s Bank Account
Key Takeaways
- Two EY junior consultants face criminal prosecution for allegedly accessing Prime Minister Anthony Albanese’s bank account while on secondment at Commonwealth Bank.
- The case adds to mounting governance scandals in Australia’s consulting industry and raises questions about professional liability, regulatory oversight, and the boundaries of legal responsibility for firms that embed staff in sensitive client systems.
Mentioned
Key Intelligence
Key Facts
- 1Two EY junior hires, aged 21 and 25, joined the firm in March 2026 and were immediately seconded to Commonwealth Bank of Australia.
- 2They allegedly accessed Prime Minister Anthony Albanese's bank account and at least one EY partner's account before the breach was detected.
- 3Commonwealth Bank discovered the unauthorized access and alerted EY, which fired both employees.
- 4The Australian Federal Police charged both men with accessing restricted personal banking data belonging to a federal parliamentarian; they appeared in Sydney court on June 30, 2026.
- 5The incident follows governance scandals across Australia's consulting sector, including KPMG's chair departure over whistleblower allegations and PwC's breakup after leaking confidential government information.
- 6EY provides training that explicitly warns against curiosity-driven access to bank accounts.
Analysis
For the legal and regulatory community, the EY incident represents a stark stress test of Australia’s privacy and corporate crime frameworks. As the two men, aged 21 and 25, face court, lawyers will scrutinize the intersection of intent, access privileges, and the duty of care owed by professional services firms. With the precedent of PwC’s downfall still fresh, this case could redefine how liability is apportioned between individual employees and the organizations that enable them.
The revelation that two EY junior staffers allegedly accessed the bank account of Australian Prime Minister Anthony Albanese has sent shockwaves through the corporate and political worlds. The incident, first reported by the Australian Financial Review on June 30, 2026, marks a new low in a series of governance scandals that have engulfed Australia's elite consulting firms. The two men, aged 21 and 25, joined EY in March 2026 and were immediately seconded to Commonwealth Bank of Australia (CBA), the nation's largest lender. While embedded at CBA, they reportedly used their access to view the personal banking details of the prime minister and at least one EY partner. CBA's internal systems detected the unauthorized access, and the bank alerted EY, leading to the swift termination of the staffers. The Australian Federal Police have since charged both individuals with accessing restricted personal banking data belonging to a federal parliamentarian, a criminal offense that could carry severe penalties.
The revelation that two EY junior staffers allegedly accessed the bank account of Australian Prime Minister Anthony Albanese has sent shockwaves through the corporate and political worlds.
This breach is not an isolated aberration but part of a troubling pattern of misuse of privileged information within Australia's consulting sector. In recent years, KPMG Australia saw its chair, Martin Sheppard, step down after whistleblower allegations that the firm used confidential client data to win business—a decision announced just last week. Three years ago, PwC's Australian arm was dismantled after it was exposed for leaking confidential government tax policy information to corporate clients. The EY incident, involving access to a sitting prime minister's personal finances, underscores how thin the line has become between professional access and egregious violation of trust. It also raises uncomfortable questions about the due diligence and oversight of young consultants embedded within critical financial institutions.
From a legal perspective, the charges against the individuals are only the tip of the iceberg. The breach likely violates Australia's Privacy Act and possibly the Criminal Code, which prohibits unauthorized access to computer data. The severity of the punishment will depend on whether the access was out of mere curiosity or for some ulterior motive — both men may face prison time. Beyond individual liability, EY and CBA could face regulatory scrutiny from the Australian Securities and Investments Commission (ASIC) and the Office of the Australian Information Commissioner (OAIC). CBA, in particular, may be questioned about its access controls and monitoring systems. As primary custodian of sensitive financial data, the bank could be subject to mandatory data breach notifications and potential class-action lawsuits from affected individuals if broader abuse is discovered.
What to Watch
The incident also has deep implications for the relationship between government and private contractors. The prime minister's account was accessed while EY staff were on secondment, a common arrangement where firms embed consultants within client organizations to provide services. This model inherently grants outsiders access to internal systems, and the EY case will likely prompt a review of secondment protocols across the public and private sectors. Any future government contracts with consulting firms may require stricter background checks, real-time monitoring, and limits on access levels, particularly for junior staff. For CBA, the breach is a reminder of the insider threat risk that banks face daily. Despite heavy investments in cybersecurity, the human element remains the weakest link. CBA shares fell 0.8% on the news, reflecting investor concerns about reputational damage and potential regulatory fines.
Looking ahead, this scandal could accelerate the push for tighter regulation of consulting firms in Australia, similar to reforms imposed on the audit profession after Enron. The federal government may impose a mandatory code of ethics for professional service providers, mandatory breach reporting, and even criminal liability for firms that fail to supervise their staff. Meanwhile, the court proceedings against the two former EY employees will be closely watched. Their defense — likely to claim they acted out of curiosity without malicious intent — will test the boundaries of intent in insider threat cases. For the consulting industry, the worst-case scenario is that this incident leads to a complete ban on secondments to sensitive government and banking roles, fundamentally altering the industry's operating model.
Timeline
Timeline
Unauthorized account access occurs
The staffers allegedly access the bank account of Prime Minister Albanese and at least one EY partner while embedded at CBA.
EY hires two junior staffers
Two graduates join EY and are placed on secondment at Commonwealth Bank of Australia.
Firings reported and criminal charges filed
The Australian Financial Review first reports the firings; the AFP charges the two men with accessing restricted banking data. They appear in Sydney court the same day.
How we covered this story
Every story in our legal coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.
Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the legal space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.
| Signal on this page | What it tells you |
|---|---|
| Verified by N sources | Independent corroboration count. N≥2 is our confidence floor; N=1 is marked explicitly. |
| Impact score (1-10) | Regulatory + financial + operational weight. 8+ signals an experienced-operator action item. |
| Sentiment | Five-tier classification trained on labeled legal-specific corpora. |
| Timeline | Where applicable, the related-events sequence that contextualizes today's development. |