Former UOB Employee Convicted for Sharing Customer Data with Scammer

A former employee of United Overseas Bank (UOB) has been convicted for disclosing sensitive information of over 1,000 customers to a scammer. On October 14, 2023, Cao Wenqing, a 30-year-old permanent resident of Singapore and a Chinese national, faced multiple charges under the Computer Misuse Act and the Banking Act.

Cao was found guilty of 14 charges under the Computer Misuse Act and an additional 13 charges under the Banking Act. She contested the allegations, claiming that she had been misled by individuals posing as police officers from Shanghai. However, District Judge James Elisha Lee stated that Cao, who possessed tertiary education qualifications and had received training regarding the confidentiality of customer information, was fully aware of the legal restrictions on data disclosure.

In his ruling, Judge Lee emphasized that it was unreasonable for Cao not to verify the identities of the individuals who contacted her. He noted that she could have easily confirmed their credentials by reaching out to the Shanghai police herself, which she eventually did after learning about a similar scam through a news article.

Cao served as a junior officer in the mortgage department at UOB, where she had access to the bank’s customer database strictly for work-related purposes. In March 2021, she received communication from individuals identified as “Xiang Ying Dong” and “Captain Lu,” who claimed to be conducting an investigation. Despite knowing it was against bank policy, Cao agreed to assist them voluntarily.

The prosecution outlined that Cao accessed the database using her work-issued laptop. She searched for customers with common Chinese surnames and compiled their details, including names, identification numbers, bank balances, and phone numbers, into an Excel spreadsheet. After gathering information on 50 to 100 customers, she would send photographs of the spreadsheet via WhatsApp to “Captain Lu,” subsequently deleting the images.

Cao also conducted targeted searches on specific customers as requested by Lu and shared screenshots of their profiles. It was not until April 22, 2021, that she reported the incident to the Singapore Police Force upon realizing that she had been scammed.

During the trial, Deputy Public Prosecutor Ryan Lim highlighted that Cao complied with the scammer’s demands due to fears of an investigation against her. She perceived the individuals as powerful and was concerned about potentially losing her job in China if she refused their requests. Lim asserted that Cao was fully aware that her actions were illegal under Singapore law and contrary to UOB’s policies.

Cao, represented by lawyer Kalidass Murugaiyan, will return to court for further proceedings concerning mitigation and sentencing in December. The case underscores the critical importance of data security and the severe consequences of breaching confidentiality in the banking sector.