(As reported by Channel NewsAsia, Oct 14, 2025)
A former employee of United Overseas Bank (UOB) has been convicted for leaking confidential information belonging to more than 1,000 customers to a scammer posing as Chinese police officers.
30-year-old Cao Wenqing, a Singapore permanent resident and Chinese national, was found guilty of 14 charges under the Computer Misuse Act and 13 charges under the Banking Act after a trial before District Judge James Elisha Lee.
The judge ruled that Cao’s actions were “unreasonable and negligent”, noting that she made no effort to verify the identities of the individuals who contacted her — even though she could have easily confirmed their claims by calling the Shanghai police.
How the Scam Unfolded
Cao, who worked as a junior officer in UOB’s mortgage department, had legitimate access to the bank’s customer database for processing loans and servicing accounts.
In March 2021, she was contacted by two individuals — one identifying himself as “Captain Lu” and the other as “Xiang Ying Dong” — who claimed to be officers from the Shanghai police. They told her she was under investigation and persuaded her to assist in “internal checks” by providing customer data.
Trusting their instructions, Cao began searching UOB’s internal database for customers with Chinese surnames. She then compiled spreadsheets containing names, identification numbers, bank balances, and phone numbers, which she photographed and sent via WhatsApp to the scammers.
She repeated the process several times, covering up to 100 customers per batch. She also performed individual lookups at “Captain Lu’s” request, sending screenshots of customer profiles.
It was only after reading an article about similar scams that Cao realised she had been deceived. She reported the matter to the Singapore Police Force on April 22, 2021.
Judge: “She Knew It Was Wrong”
In his verdict, Judge Lee emphasised that Cao had been educated and professionally trained in data confidentiality at UOB. Despite understanding that unauthorised extraction of client information was illegal, she continued cooperating with the scammers.
“She knew that what she was doing in Singapore was contrary to the bank’s policies and illegal under Singapore law,” said Deputy Public Prosecutor Ryan Lim, adding that Cao’s compliance stemmed from fear of losing her job and anxiety over the supposed police investigation.
Cao admitted she felt pressured to cooperate because of her status as a foreigner and her fear of returning to China, but the court held that these did not justify her actions.
Next Steps
Cao is represented by Mr Kalidass Murugaiyan, and sentencing is scheduled for December 2025.
She faces significant penalties under both the Banking Act and Computer Misuse Act, which protect Singapore’s financial institutions from insider threats and data breaches.
The case underscores the growing risks of social engineering attacks, even among banking professionals trained in cybersecurity and compliance.
Broader Implications for Financial Institutions
The conviction highlights how scammers continue to exploit human psychology — particularly fear, authority, and cross-border law enforcement narratives — to gain access to sensitive data.
Singapore’s financial regulators have previously warned that insider threats remain one of the most serious risks to data privacy and institutional trust. Banks are urged to strengthen internal verification, employee education, and anomaly monitoring systems.
