The private banking statements of 647 high-net-worth clients of Standard Chartered Bank have been found on the laptop of a hacker busted by Singapore Police.
Standard Chartered said the February 2013 monthly statements were culled from a server supplied by Fuji Xerox, which provides printing servers for the UK bank.
Singapore Police said the statements were recovered from the laptop of James Raj Arokiasamy, who is currently in custody awaiting charges over the alleged hacking of a local government Website.
The Monetary Authority of Singapore says it has been notified by the bank of the theft, which it claims has not compromised its IT systems or infrastructure.
"We will review SCB's investigation report and consider if regulatory action against the bank is warranted," says the regulator in a statement. "MAS has reminded all FIs to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers. MAS is paying special supervisory attention to FIs' compliance with MAS' requirements for IT outsourcing."
Ray Ferguson, chief executive of Standard Chartered Singapore, says: "The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously."
Coincidentally, the US Federal Reserve Board yesterday released guidance reminding financial institutions it supervises to exercise appropriate risk management and oversight when using third party service providers.
The guidance does not discourage financial institutions from outsourcing activities to service providers, but says firms should be aware of the potential risks.
Says the Fed: "If service provider relationships are not managed effectively, they may expose financial institutions to risks that can result in reputational problems, financial loss, or regulatory actions."