Compliance
Standard Chartered's Private Bank Hit By Theft Of Client Statements
Singapore’s financial regulator raised the alarm about cyber security breaches at financial organisations after it emerged client account statements at Standard Chartered had been stolen.
Singapore’s financial regulator raised the alarm about cyber security breaches at financial organisations after it emerged client account statements at the private bank of UK-listed Standard Chartered had been stolen.
The theft took place at a third-party service provider which Standard Chartered engaged to print the statements, the Monetary Authority of Singapore said in a statement yesterday.
A report in the Straits Times (of Singapore) said the thefts affected 647 clients at Standard Chartered Private Bank. The statements were for the the month of February this year. The publication saidthe files were found on a laptop seized from James Raj Arokiasamy, the suspect in the middle of several website hacking incidents.
The regulator said StanChart has confirmed that “this incident has not compromised the bank’s own IT systems or infrastructure. We will review SCB’s investigation report and consider if regulatory action against the bank is warranted”.The MAS noted that the incident has come to light at a time when, globally, financial institutions face a rising amount of threats to cyber security.
“MAS takes a serious view of such threats and has stringent requirements in place for FIs [financial institutions] to protect the security of their IT systems and confidentiality of their client data. These include regular vulnerability assessments and penetration tests. They also include external audits of the effectiveness of their controls. These requirements apply regardless of whether such client data are processed in-house or at third party service providers,” the regulator said.
The regulator said the theft at StanChart is an “isolated case” but it demonstrated the need for heightened vigilance in banks and other institutions.
Notified
"Standard Chartered has been notified by the police of the theft of 647 of its Private Bank clients’ monthly bank statement for February 2013," the bank said in a statement.
Ray Ferguson, CEO, Standard Chartered said: “The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously. Customer data protection is our responsibility and we sincerely apologise to all our customers and specifically to our private bank clients who have been affected.”
The firm said it "has spared no efforts to thoroughly investigate the matter and can confirm that based on investigations to date, the theft did not occur through the bank’s IT and data security systems but through one of the servers of a third party service provider which the bank engaged to print bank statements for its private bank clients".
Standard Chartered said that as a precaution, it is contacting its affected private bank clients. No wholesale banking clients, SME and retail customers are affected.
"The bank would like to reassure its affected private bank clients that it has not found any unauthorised transactions resulting from this incident," it said.
Bert Wong, CEO, Fuji Xerox Singapore said: “We share the Bank’s concerns on the theft of information on this system, and deeply regret the incident. There was unauthorised access by a third party to a server dedicated to Standard Chartered Private Bank in a standalone printing facility. This is the first time in Fuji Xerox Singapore's history that such an incident has occurred. So far, we have taken all appropriate action to protect the integrity of our server systems. A forensic team is also conducting a thorough review. There was no impact on the data of customers on any other systems."
"We wish to reassure all customers that the protection of their data is a key priority and that we take our duty of care very seriously, aiming to deliver the highest quality service at all times," he said.
Standard Chartered and Fuji Xerox said they wiill continue to work closely with the Singapore Police as part of an investigation into this matter. As the matter is now with the police and under investigation, Standard Chartered and Fuji Xerox are not able to provide any further details at this stage, the firms added.