24 April 2014

Standard Chartered client bank statements found on hacker's laptop

06 December 2013  |  3521 views  |  1 Standard chartered main building

The private banking statements of 647 high-net-worth clients of Standard Chartered Bank have been found on the laptop of a hacker busted by Singapore Police.

Standard Chartered said the February 2013 monthly statements were culled from a server supplied by Fuji Xerox, which provides printing servers for the UK bank.

Singapore Police said the statements were recovered from the laptop of James Raj Arokiasamy, who is currently in custody awaiting charges over the alleged hacking of a local government Website.

The Monetary Authority of Singapore says it has been notified by the bank of the theft, which it claims has not compromised its IT systems or infrastructure.

"We will review SCB's investigation report and consider if regulatory action against the bank is warranted," says the regulator in a statement. "MAS has reminded all FIs to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers. MAS is paying special supervisory attention to FIs' compliance with MAS' requirements for IT outsourcing."

Ray Ferguson, chief executive of Standard Chartered Singapore, says: "The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously."

Coincidentally, the US Federal Reserve Board yesterday released guidance reminding financial institutions it supervises to exercise appropriate risk management and oversight when using third party service providers.

The guidance does not discourage financial institutions from outsourcing activities to service providers, but says firms should be aware of the potential risks.

Says the Fed: "If service provider relationships are not managed effectively, they may expose financial institutions to risks that can result in reputational problems, financial loss, or regulatory actions."

Comments: (1)

Keith Appleyard - available for hire - Bromley | 06 December, 2013, 13:49

Who does this not surprise me.

When I was doing a Due Diligence of Acquiring a Credit Card portfolio based in Leeds, I found that the systems documentation stated that the Statements had been outsourced and were produced in Bristol by CSC. A little research via Google showed that this datacentre had been closed down, and the Statements were being produced by CSC in Melbourne Australia. Further research by me showed that the PIN Mailers were also being sent (unencrypted) to the other side of the world to be printed, and then mailed back to the UK via the public postal service.

So try hacking the print servers - its easy.

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Related blogs

Create a blog about this story (membership required)

Related stories

07 November, 2013
06 November, 2012
01 March, 2011
17 January, 2011
25 June, 2010
15 April, 2010
11 March, 2010

Related company news

 

Related company information

Standard Chartered Bank
Your browser is unable to support Flash files.
Your browser is unable to support Flash files.
Find out more

Featured job

Basic £130-140K Variable £70-90K
London (preferred) or Paris

Find your next job