Standard Chartered client bank statements found on hacker's laptop

The private banking statements of 647 high-net-worth clients of Standard Chartered Bank have been found on the laptop of a hacker busted by Singapore Police.

Standard Chartered said the February 2013 monthly statements were culled from a server supplied by Fuji Xerox, which provides printing servers for the UK bank.

Singapore Police said the statements were recovered from the laptop of James Raj Arokiasamy, who is currently in custody awaiting charges over the alleged hacking of a local government website.

The Monetary Authority of Singapore says it has been notified by the bank of the theft, which it claims has not compromised its IT systems or infrastructure.

"We will review SCB's investigation report and consider if regulatory action against the bank is warranted," says the regulator in a statement. "MAS has reminded all FIs to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers. MAS is paying special supervisory attention to FIs' compliance with MAS' requirements for IT outsourcing."

Ray Ferguson, chief executive of Standard Chartered Singapore, says: "The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously."

Coincidentally, the US Federal Reserve Board yesterday released guidance reminding financial institutions it supervises to exercise appropriate risk management and oversight when using third party service providers.

The guidance does not discourage financial institutions from outsourcing activities to service providers, but says firms should be aware of the potential risks.

Says the Fed: "If service provider relationships are not managed effectively, they may expose financial institutions to risks that can result in reputational problems, financial loss, or regulatory actions."

Comments: (1)

Keith Appleyard - available for hire - Bromley, 06 December, 2013, 13:49

Why does this not surprise me?

When I was doing a Due Diligence of Acquiring a Credit Card portfolio based in Leeds, I found that the systems documentation stated that the Statements had been outsourced and were produced in Bristol by CSC. A little research via Google showed that this datacentre had been closed down, and the Statements were being produced by CSC in Melbourne, Australia. Further research by me showed that the PIN Mailers were also being sent (unencrypted) to the other side of the world to be printed, and then mailed back to the UK via the public postal service.

So try hacking the print servers - it's easy.