They used an AI tool to fool HR into processing fraudulent payroll
Over nearly six years, three senior executives at Telekom Malaysia's American subsidiary allegedly siphoned more than $20 million from their own company through a web of forged documents, ghost employees, and AI-assisted deception — a case that arrives not only as a story of personal greed, but as a marker of how modern institutions are reshaping the boundaries between corporate and individual accountability. Telekom Malaysia, by choosing transparency over concealment, stepped into a legal framework that shielded the company from prosecution while leaving its former executives to face the full weight of federal law. The outcome reflects a quiet but consequential evolution in how justice is negotiated in the corporate world.
- Three TM executives allegedly stole over $20 million across six years using shell companies, inflated invoices, ghost payroll schemes, and an AI tool to impersonate employees and deceive HR staff.
- The fraud unraveled not through external discovery but through TM's own decision to self-report the misconduct to US federal authorities — a move that fundamentally altered the legal trajectory of the case.
- One defendant was arrested at San Francisco International Airport while the other two surrendered separately, signaling coordinated federal action across multiple suspects.
- The Department of Justice declined to prosecute Telekom Malaysia as a corporation, rewarding its cooperation under a March 2025 policy designed to incentivize voluntary disclosure of internal wrongdoing.
- The three individuals now face wire fraud conspiracy, wire fraud, and aggravated identity theft charges — a split outcome that places criminal liability squarely on people, not the institution that employed them.
Three senior executives at Telekom Malaysia's US operations have been charged in federal court with stealing more than $20 million from the company over nearly six years. Hafiz Lockman, Yuzaimi Yusof, and Khanh Thuong Nguyen allegedly used forged documents, fabricated records, and false statements to divert company funds into personal accounts between July 2020 and February 2026.
The schemes were varied and methodical. In one instance, the defendants were authorized to purchase eight terabytes of data capacity for a $54 million deal with a major US corporation — but allegedly bought only six terabytes, sold the surplus through a shell company they controlled, and pocketed the difference. They also inflated cable invoices and redirected nearly $2.9 million in legitimate payments into accounts they managed. In perhaps the most striking element of the case, they allegedly impersonated TM employees and interns to collect fraudulent salaries, using an AI-assisted tool to deceive the company's human resources department into approving the payroll requests.
Lockman was arrested at San Francisco International Airport; Yusof and Nguyen had surrendered to authorities the month prior. All three face charges of wire fraud conspiracy, wire fraud, and aggravated identity theft.
What sets this case apart is what happened to the company itself. Telekom Malaysia self-reported the misconduct to US authorities and pledged full cooperation, prompting the Department of Justice to decline prosecution of the corporation — a decision aligned with a federal policy announced in March encouraging companies to voluntarily disclose internal criminal activity in exchange for reduced penalties. The result is a divided outcome increasingly familiar in federal corporate cases: individuals face prison and fines while the institution, having chosen accountability over concealment, walks away without criminal charges.
Three senior executives at Telekom Malaysia's American operations have been charged in federal court with orchestrating a scheme to steal more than $20 million from the company over nearly six years. Hafiz Lockman, Yuzaimi Yusof, and Khanh Thuong Nguyen allegedly used forged documents, false statements, and fabricated records to funnel company money into personal bank accounts while deceiving auditors, supervisors, suppliers, and business partners between July 2020 and February 2026.
The mechanics of the theft were varied and deliberate. In one instance, TM was asked to approve the sale of eight terabytes of data capacity to a major US multinational corporation for $54 million. The defendants allegedly purchased only six terabytes, then sold the surplus capacity to other companies and routed the proceeds through a shell entity they controlled. They also inflated invoices for cable purchases and redirected nearly $2.9 million in payments meant for legitimate expenses into accounts they managed. Beyond these schemes, the three men allegedly impersonated TM employees and interns to collect salaries they had no right to receive. In at least one case, they used an artificial intelligence-assisted impersonation tool to fool the company's human resources department into processing fraudulent payroll requests.
Lockman was arrested at San Francisco International Airport, while Yusof and Nguyen surrendered to authorities the previous month. All three face charges of wire fraud conspiracy, wire fraud, and aggravated identity theft under federal law. James C Barnacle Jr, the FBI's assistant director in charge, described the conduct as deliberate and calculated, undertaken purely for personal financial gain.
What distinguishes this case from typical corporate fraud prosecutions is that Telekom Malaysia itself escaped criminal charges. The company self-reported the misconduct to US authorities and committed to full cooperation with investigators. The Department of Justice declined to prosecute the corporation as a result. This decision reflects a broader policy shift announced by federal prosecutors in March, designed to incentivize companies to voluntarily disclose internal criminal activity by offering reduced penalties and other benefits in exchange for transparency and cooperation.
Neither the three defendants nor Telekom Malaysia immediately responded to requests for comment. The case now moves through the federal system, with the individuals facing potential prison time and substantial fines while the company itself faces no criminal liability—a split outcome that has become increasingly common as federal prosecutors seek to balance accountability for individual wrongdoing with incentives for corporate self-policing.
Notable Quotes
These three individuals are alleged to have carried out a deliberate and calculated embezzlement scheme, falsifying corporate records for their own financial gain— FBI Assistant Director James C Barnacle Jr
The Hearth Conversation Another angle on the story
Why would a company self-report something like this? Doesn't that just invite trouble?
It does invite trouble for the individuals involved, but not for the company itself. The federal government essentially made a deal: turn yourself in, cooperate fully, and we won't prosecute the corporation. The alternative is we investigate, find everything ourselves, and charge everyone.
So the company gets immunity while the executives go to prison?
Exactly. It's a calculated trade-off. TM loses three executives and faces reputational damage, but avoids criminal prosecution, massive fines, and the operational chaos of a federal case against the corporation itself.
How does someone use an AI tool to impersonate someone to HR? Isn't that caught immediately?
You'd think so. But HR systems are often overwhelmed, understaffed, and process thousands of requests. If the impersonation is convincing enough and the paperwork looks right, it can slip through. The fact that they used AI suggests they were trying to make it harder to detect as fraud.
The eight terabytes versus six terabytes scheme—that's pretty sophisticated.
It is. They didn't just steal outright. They created a legitimate-looking transaction, pocketed the difference, and hid the proceeds through another company. That takes planning and knowledge of how the business actually works.
What happens to them now?
They face federal charges that carry serious prison time. Wire fraud alone can mean up to 20 years. With multiple counts and identity theft added in, they're looking at substantial sentences if convicted.