StanChart client data stolen in Singapore via Fuji Xerox server

Summary:Monthly statements belonging to 647 private banking clients were stolen via the bank's outsourced printing services provider. The theft was discovered after the files were found on a laptop recently seized from alleged hacker "The Messiah".

Bank statements belonging to hundreds of Standard Chartered's richest customers were found to have been stolen from a server at Fuji Xerox Singapore, the third party where printing was outsourced.

hacker
Monthly statements belonging to 647 private banking clients were stolen in Singapore via a Fuji Xerox server.

The unauthorized access only came to light after files containing the data were found on a laptop, belonging to the recently arrested alleged hacker "The Messiah", according to Today. James Raj Arokiasamy was arrested last month and charged for hacking a government website and has been linked to a spate of other cyberattacks.

Standard Chartered was notified by Singapore police of the theft of 647 of its Private Bank clients' monthly bank statement for February 2013, according to its joint statement with Fuji Xerox on Thursday.

"Customer data protection is our responsibility and we sincerely apologise to all our customers and specifically to our Private Bank clients who have been affected," said Ray Ferguson, CEO of Standard Chartered, in the statement.

The bank pointed out based on its investigations to date, the theft did not occur through its IT and data security systems, but instead through one of the servers of Fuji Xerox.

Stancharted confirmed no unauthorized transactions resulted from the data theft. No wholesale banking clients, or SME and retail customers were affected, it added.

Bert Wong, CEO of Fuji Xerox Singapore said his company deeply regretted the incident. The unauthorized access was through a server dedicated to Standard Chartered Private Bank in a standalone printing facility, he explained.

"This is the first time in Fuji Xerox Singapore's history that such an incident has occurred. So far, we have taken all appropriate action to protect the integrity of our server systems. A forensic team is also conducting a thorough review. There was no impact on the data of customers on any other systems," said Wong.

The Monetary Authority of Singapore (MAS) described the incident as "an isolated case" but underscored the need for close management of risks pertaining to service providers, in the Today report. It will review the bank's investigation report before deciding if regulatory action is warranted against it, which could potentially be orders to improve its systems or financial penalties.

The regulator is currently gathering a list of clients under Fuji Xerox to check if government agencies are among them, according to Today. The incident is now being investigated by Singapore police.

Topics: Security, Banking, Data Management, Outsourcing, Singapore

About

Loves caption contests, leisurely strolls along supermarket aisles and watching How It's Made. Ryan has covered finance, politics, tech and sports for TV, radio and print. He is also co-author of best seller "Profit from the Panic". Ryan is an editor at ZDNet's Asia/Singapore office.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.