Ibrahim El-Hakim accused of using IT systems for criminal purposes
A Royal Bank of Canada (RBC) employee has been charged after allegedly accessing the personal data of Prime Minister Mark Carney.
Ibrahim El-Hakim, 23, of Ottawa, was arrested in July and faces charges of fraud over $5,000, unauthorised use of a computer, identity theft, and trafficking in identity information, reported CTV News, citing information from the Royal Canadian Mounted Police (RCMP).
El-Hakim is accused of using RBC’s IT systems for criminal purposes, including consulting several bank profiles without authorisation and participating in fraud, RCMP spokesperson Erique Gasse said, according to the report.
The accused—who was hired by RBC in 2022 and worked at a branch not far from Parliament Hill—also accessed a banking profile for a Justin Trudeau, but the RCMP later said it was not the profile of the former prime minister, reported CBC.
An affidavit filed as part of the investigation states that El-Hakim’s actions were largely captured on video and that he admitted to the allegations during an interview with RBC’s internal security, according to the CBC report.
Half of the public servants who use AI in their jobs rely on publicly available AI tools. This is “exposing governments to potential risks including data privacy and security breaches, intellectual property theft, and exposure to biased or inaccurate information that can lead to legal and ethical issues,” according to a previous KPMG report.
Organised crime scheme
According to the affidavit—which was seen by CBC/Radio-Canada—investigators believe the scheme is linked to organised crime. El-Hakim told the bank he had been approached online by an individual using the alias “AI WORLD” on Telegram and was paid $500 for each request he completed, earning a total of about $5,000.
The RCMP arrested El-Hakim on July 10 and released him on Aug. 6 under conditions. He is scheduled to appear in court on Oct. 1.
RBC spokesperson Cheryl Brean stated that the bank independently identified unauthorised system access and took immediate action to engage authorities. “The individual named is no longer employed at the bank,” Brean said in a statement to CTV News. “We worked closely with law enforcement to support their investigation.”
The investigation has been assigned to the Integrated National Security Enforcement Team (INSET). The RCMP said there is no indication of a threat to public safety or to the Prime Minister’s personal safety.
“However, as soon as criminal offences target the Canadian Prime Minister, it is the responsibility of our INSET teams to carry out the investigation,” Gasse said, according to the report.
The RCMP said that El-Hakim was not previously known to police.
Earlier this year, the federal government introduced a new National Cyber Security Strategy aimed at strengthening the country’s digital defenses.
Data breach reporting requirement
In case of data breaches that may cause a real risk of significant harm, employers must report to the Office of the Privacy Commissioner of Canada (OPC).
The breach report must include:
- details of the breach and, if known, the cause
- when the breach occurred
- description of the personal information compromised by the breach
- the number of individuals affected
- steps taken to reduce the risk of harm to affected individuals
- what the organization has, or will do, to notify affected individuals
- name and coordinates of contact person
Employers can make a report right here.
