Singapore’s financial regulator raised the alarm about cyber security breaches at financial organisations after it emerged client account statements at UK-listed Standard Chartered had been stolen.
financial regulator raised the alarm about cyber security breaches at
financial organisations after it emerged client account statements at the private bank of UK-listed
Standard Chartered had been stolen.
The theft took place at a third-party service provider which
Standard Chartered engaged to print the statements, the Monetary Authority of
Singapore said in a statement today.
A report in the Straits Times
(of Singapore) said the thefts affected 647 clients at Standard
Chartered Private Bank. The statements were for the the month of
February this year. The publication saidthe files were found on a laptop
seized from James Raj Arokiasamy,
the suspect in the middle of several website hacking incidents.
The regulator said in its statement that StanChart has confirmed
incident has not compromised the bank’s own IT systems or infrastructure. We
will review SCB’s investigation report and consider if regulatory action
against the bank is warranted”.
The MAS noted that the incident has come to light at a time
when, globally, financial institutions face a rising amount of threats to cyber
“MAS takes a serious view of such threats and has stringent
requirements in place for FIs [financial institutions] to protect the security
of their IT systems and confidentiality of their client data. These include
regular vulnerability assessments and penetration tests. They also include
external audits of the effectiveness of their controls. These requirements
apply regardless of whether such client data are processed in-house or at third
party service providers,” the regulator said.
The regulator said the theft at StanChart is an “isolated
case” but it demonstrated the need for heightened vigilance in banks and other
Chartered has been notified by the police of the theft of 647 of its
Private Bank clients’ monthly bank statement for February 2013," the bank said in a statement.
Ferguson, CEO, Standard Chartered said: “The confidentiality and
privacy of our clients are of paramount importance to us, and we take
this incident very seriously. Customer data protection is our
responsibility and we sincerely apologise to all our customers and
specifically to our private bank clients who have been affected.”
The firm said it "has spared no efforts to thoroughly investigate
the matter and can
confirm that based on investigations to date, the theft did not occur
through the bank’s IT and data security systems but through one of the
servers of a third party service provider which the bank engaged to
print bank statements for its private bank clients".
Standard Chartered said that as a precaution, it is contacting
its affected private
bank clients. No wholesale banking clients, SME and retail customers are
bank would like to reassure its affected private bank clients that it
has not found any unauthorised transactions resulting from this
incident," it said.
Wong, CEO, Fuji Xerox Singapore said: “We share the Bank’s concerns on
the theft of information on this system, and deeply regret the
incident. There was unauthorised access by a third party to a server
dedicated to Standard Chartered Private Bank in a standalone printing
is the first time in Fuji Xerox Singapore's history that such an
incident has occurred. So far, we have taken all appropriate action to
protect the integrity of our server systems. A forensic team is also
conducting a thorough review. There was no impact on the data of
customers on any other systems."
wish to reassure all customers that the protection of their data is a
key priority and that we take our duty of care very seriously, aiming
to deliver the highest quality service at all times," he said.
Chartered and Fuji Xerox said they wiill continue to work closely with the
Singapore Police as part of an investigation into this matter.
As the matter is now with the police and under investigation, Standard
Chartered and Fuji Xerox are not able to provide any further details at
this stage, the firms added.