HSBC Private Bank (Suisse) Thursday revealed more details about a data theft in Switzerland that took place more than three years ago. The incident affects 15,000 existing clients, enormously more than the figure reported last December when the bank said the number of account records taken was less than 10.
According to HSBC Private Bank, the Swiss authorities earlier this month passed data files to the bank which showed that client information had been compromised.
As a result, the bank is contacting customers to explain and apologize for the threat to their privacy, said HSBC, adding that the bank doesn't believe that the stolen data has or will allow any third party to access any client account.
The data theft, said HSBC, was done by a former IT employee about three years ago, involves existing clients who had accounts with the bank in Switzerland before October 2006.
The stolen client information is limited to accounts in Switzerland, excluding ex-HSBC Guyerzeller accounts, the bank added. There is no data compromised for any branches of the bank outside Switzerland, which operate on separate systems and security, or other entities within the HSBC Group, the bank noted.
"We deeply regret this situation and unreservedly apologise to our clients for this threat to their privacy," said Alexandre Zeller, CEO of HSBC Private Bank (Suisse) SA. "We are determined to protect our clients' interests and are taking every necessary measure to do so, actively contacting all our clients with Swiss-based accounts."
Copies of a significant portion of the data were returned to the bank on Mar 3, 2010 by the Swiss Federal Prosecutor, said HSBC, adding that the French authorities had previously seized the files from the former IT employee, who fled to France while under investigation, before passing copies to the Swiss Federal Prosecutor.
HSBC to spend HK$727million to improve security
"The bank is doing its utmost to ensure that this cannot happen again and has already made significant improvements to its security, spending over 100 million Swiss Francs (HK$727 million; US$93.7 million) to upgrade systems and improve security," said Zeller.
The bank said it is working with the Swiss authorities and continues its own investigations, and a criminal investigation led by the Swiss Federal Prosecutor is underway.
HSBC added that the Swiss authorities confirmed that they won't support the use of the stolen data to answer requests from foreign authorities. The French authorities have informed the Swiss authorities that the data they hold won't be used inappropriately, the bank noted.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.