Bank statements belonging to hundreds of Standard Chartered's richest customers were found to have been stolen from a server at Fuji Xerox Singapore, the third party where printing was outsourced.
The unauthorized access only came to light after files containing the data were found on a laptop, belonging to the recently arrested alleged hacker "The Messiah", according to Today. James Raj Arokiasamy was arrested last month and charged for hacking a government website and has been linked to a spate of other cyberattacks.
Standard Chartered was notified by Singapore police of the theft of 647 of its Private Bank clients' monthly bank statement for February 2013, according to its joint statement with Fuji Xerox on Thursday.
"Customer data protection is our responsibility and we sincerely apologise to all our customers and specifically to our Private Bank clients who have been affected," said Ray Ferguson, CEO of Standard Chartered, in the statement.
The bank pointed out based on its investigations to date, the theft did not occur through its IT and data security systems, but instead through one of the servers of Fuji Xerox.
Stancharted confirmed no unauthorized transactions resulted from the data theft. No wholesale banking clients, or SME and retail customers were affected, it added.
Bert Wong, CEO of Fuji Xerox Singapore said his company deeply regretted the incident. The unauthorized access was through a server dedicated to Standard Chartered Private Bank in a standalone printing facility, he explained.
"This is the first time in Fuji Xerox Singapore's history that such an incident has occurred. So far, we have taken all appropriate action to protect the integrity of our server systems. A forensic team is also conducting a thorough review. There was no impact on the data of customers on any other systems," said Wong.
The Monetary Authority of Singapore (MAS) described the incident as "an isolated case" but underscored the need for close management of risks pertaining to service providers, in the Today report. It will review the bank's investigation report before deciding if regulatory action is warranted against it, which could potentially be orders to improve its systems or financial penalties.
The regulator is currently gathering a list of clients under Fuji Xerox to check if government agencies are among them, according to Today. The incident is now being investigated by Singapore police.