PwC security questioned as its head of risk fooled by fake email
Big four accounting firm PwC has launched an investigation after a fake email duped the company’s head of risk and ethics into disclosing the hiring of the firm’s new general counsel, Kylie Gray.
Editor’s note: This story originally appeared on Lawyers Weekly’s sister brand, Cyber Daily.
Ms Gray’s appointment was ultimately reported in late November after the firm’s partners were notified. She comes across from Westpac, where she has served as general counsel of litigation, regulatory investigations, and financial crime.
The fake email, which was seen by The Australian, asked Ms McCahey for details regarding Ms Gray’s “remuneration and bonus arrangements” and asked if this would be revealed to other partners considering PwC’s “current circumstances”.
Ms McCahey confirmed that Ms Gray’s pay and bonuses would not be revealed to partners, which current and former partners said is not the norm at the firm, with one telling The Australian that PwC had an internal database with the pay of all partners, bar the chief executive.
The head of risk and ethics was also asked when Ms Gray’s appointment would be announced.
The incident has sparked questions as to why a major organisation’s risk and ethics chief was unable to determine that the email was a fake, particularly as it came not from an internal company address but from a Proton Mail account.
Ms McCahey was only appointed as PwC Australia’s chief risk and ethics leader in July, but she has been with the company since 2001.
The official announcement of Ms Gray’s appointment came on Monday (27 November). Ms Gray will replace acting general counsel Karen Evans-Cullen, who took up the role in July following the retirement of long-time general counsel Meredith Beattie.
Ironically, prior to the latest incident, PwC has insisted that it has adopted a much more conservative and cautious approach to risk management following the tax scandal that wreaked havoc on the company’s reputation.
The firm has also been caught up in cyber security trouble this year, after the Clop ransomware group leaked some of the firm’s data on both the clear and dark web as part of the MOVEit breach.
“We are aware that MOVEit, a third-party transfer platform, has experienced a cyber security incident [that] has impacted hundreds of organisations, including PwC. PwC uses the software with a limited number of client engagements,” a statement from the company read at the time.
“As soon as we learned of this incident, we stopped using the platform and started our own investigation.”
Jerome Doraisamy