
PwC security questioned as firm’s head of risk fooled by fake email

Ever-troubled consulting firm PwC has launched an investigation after a fake email ironically fooled the company’s head of risk and ethics into disclosing the hiring of the firm’s new general counsel.

Daniel Croft
Wed, 29 Nov 2023

Risk and ethics chief Jan McCahey received an email that claimed to be from PwC’s new general counsel, Kylie Gray, to which McCahey responded with details of Gray’s appointment. At the time of the emails, Gray’s appointment as PwC’s general counsel had not yet been announced.

The fake email, which had been seen by The Australian, asked McCahey for details regarding Gray’s “remuneration and bonus arrangements” and asked if this would be revealed to other partners considering PwC’s “current circumstances”.

McCahey confirmed that Gray’s pay and bonuses would not be revealed to partners, which current and former partners said is not the norm at the firm, with one telling The Australian that PwC had an internal database with the pay of all partners bar the chief executive.


The head of risk and ethics was also asked when Gray’s appointment would be announced.

The incident has sparked questions as to why a major organisation’s risk and ethics chief was unable to determine that the email was a fake, particularly as it came not from an internal company address but from a Proton Mail account.

McCahey was only appointed as PwC Australia’s chief risk and ethics leader in July, but she has been with the company since 2001.

The official announcement of Gray’s appointment came on Monday (27 November). Gray will replace acting general counsel Karen Evans-Cullen, who took up the role in July following the retirement of long-time general counsel Meredith Beattie.

Ironically, prior to the latest incident, PwC had insisted that it has adopted a much more conservative and cautious approach to risk management following the tax scandal that wreaked havoc on the company’s reputation.

For those unaware, the PwC tax scandal refers to the company’s disclosure of government tax secrets to major corporations to help them avoid tax legislation that PwC had contributed to in the first place.

The firm has also been caught up in cyber security trouble this year after the Clop ransomware group leaked some of the firm’s data on both the clear and dark web as part of the MOVEit breach.

“We are aware that MOVEit, a third-party transfer platform, has experienced a cyber security incident [that] has impacted hundreds of organisations, including PwC. PwC uses the software with a limited number of client engagements,” a statement from the company read.

“As soon as we learned of this incident, we stopped using the platform and started our own investigation.”

Daniel Croft


Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music and spends his time playing in bands around Sydney.
