- KPMG secretly copied files from a whistleblower’s work computer and circulated them within the firm.
The firm accessed the employee’s laptop repeatedly, pulling documents that detail alleged data misuse. It then forwarded the material to senior partners and the former chief executive. The Australian Financial Review notes KPMG’s legal right to access the device, but the practice was not disclosed to the whistleblower.
The incident shows how audit firms can exploit internal access controls for internal investigations, raising concerns about privacy and the separation between compliance and corporate governance. It also highlights a potential conflict of interest when senior leaders handle whistleblower material.
The episode adds to a growing list of firms that weaponize legitimate access to monitor internal dissent.