Corporate spies plunder funds manager's secrets

By Nick Smith

Friday 23rd November 2001

CHEEKY: Thieves entered the 18th floor of the high-security ANZ Centre to steal confidential client information

Gerald Siddall (1998 photo)

Corporate spies have raided "secretive" New Zealand Funds Management, breaching high-tech security at Auckland's downtown ANZ Centre to pillage the company's database.

The raid yielded confidential client information, including names, addresses, account holdings, bank accounts, log-ins and passwords for all its financial advisers.

NZ Funds, which manages $1.6 billion for a variety of clients, was yesterday on high alert and has urged its clients to be the same after what appears to be a clear case of corporate espionage.

About 4am on Saturday, the spy or spies managed to enter the Albert St high-rise tower - a swipe card, video-monitored building with 24-hour security personnel - and gain access to the 18th floor despite the elevators being deactivated.

NZ Funds' backup computer system was then hacked, yielding two floppy disks of data, and the culprits managed to escape without being captured by guards or on videotape.

Investment analyst Philip Macalister described NZ Funds as innovative and "secretive," keeping its "leading edge" money management operations to itself.

Mr Macalister - who edits the online funds management website goodreturns. co.nz - said although NZ Funds was the country's seventh biggest, it consistently topped the list in funds flow.

"In this market, they're all battling to get new money in the door ... and they are very successful in bringing money in," he said. "They are very smart in terms of distribution ... a lot of people don't know what they have done there. You couldn't rule out corporate espionage ... everyone wants to know how they operate."

In an email to advisers obtained by The National Business Review, NZ Funds principal Gerald Siddall said, "Early indications are that this was someone with relatively sophisticated technical skills.

"Who did this and why can only be speculated on at this point in time," Mr Siddall, whose bank account details were also stolen in the raid, told advisers.

"Although the break-in has not disrupted our normal business processing or tampered with any of the data, our concern is that the person(s) have a stage two, which involves using the information to facilitate a fraud of some type."

Police have launched an investigation, while Mr Siddall has employed ex-CIB officers at a private investigation firm to catch the culprits and is also reviewing internal and computer security.

"We are on high alert internally and would appreciate you being so also," he said.

The ANZ Centre, owned by AMP NZ Office Trust, is known for its high security to protect heavy-hitting financial tenants such as BT Funds, FundSource and CS First Boston.

Asset manager Patrick O'Reilly said new security measures were being introduced and the corporate raid was a result of a "coincidence of events" but declined to elaborate.

The illegal access was not a result of security failing and no staff were sacked because of the breach, he said.

Doug Somers-Edgar, managing director at NZ Funds' biggest client, Money Managers, played down the break-in, saying it was probably the work of kids.

He expressed confidence in NZ Funds, pointing out that years ago the company had provided offsite premises for client data to protect against the event of a September 11-type disaster.

Mr Siddall said yesterday although whoever committed the offence had eluded high-tech security to gain access to the company, a crude method had been used to steal the disks.

"They used a screw driver ... on the machine running backup data," he said. "[The fact that] they managed to get on to the floor and then managed to not bang into our night operators was extraordinary."

To characterise the raid as corporate espionage was speculation but the company was treating it as a "worst case scenario," he said.

"In terms of corporate espionage, you could look at it that way. What we have done immediately is put in place new security procedures so that if somebody tries to use that information we will be able to detect that immediately.

"It's the first time it's happened to us but I know of it happening to other organisations. [But] it has not damaged our business or damaged our clients' affairs."

Comments from our readers

No comments yet