Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Bank client data stolen in Singapore

Zafar Anjum | Dec. 6, 2013
647 StanChart clients’ bank statements stolen from a Fuji Xerox printing facility

After attacking government and retail-related websites, hackers now seem to have trained their eyes on a sensitive segment of the Singapore economy: the banking sector.

According to reports by Reuters and Bloomberg, bank statements for 647 of Standard Chartered private banking clients have been found on the laptop of an alleged website hacker in Singapore.

The incident came to light on Thursday when the affected bank issued a statement on the theft. The bank said that the police had found the stolen statements in a laptop seized from James Raj Arokiasamy. This hacker had been arrested by police earlier and faces charges of hacking into a government town council's website (Ang Mo Kio Town Council) under the moniker The Messiah.

The agencies' reports quoted sources from Singapore police and the British lender.

The police had notified the bank of the theft after unearthing the statements from the seized laptop. The statements were from February and the bank has said 'it has not found any unauthorized transactions resulting from the incident'.

"The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously," Ray Ferguson, chief executive officer of Standard Chartered Singapore has said in his statement.

The bank is said to be contacting the 647 affected clients.

Statements stolen from Fuji Xerox facility

According to the reports, the clients' confidential information was stolen in Singapore from a printing company.

Fuji Xerox was hired to print the bank statements. Quoting Fuji Xerox Singapore Chief Executive Officer Bert Wong, the Bloomberg report said that the information was stolen from a server used for Standard Chartered Private Bank at a printing facility. Wong has said that other clients of Fuji Xerox were not affected by this breach and a forensic team is investigating the matter.

The Bloomberg report said the security breach threatens to undermine Singapore's reputation as a private-banking hub for Asia. The city hosts about $800 billion in offshore assets and is Asia's largest wealth management center, according to Boston Consulting Group.

As a result of the reported incident, shares of Standard Chartered dropped 2.8 percent to HK$169.3, the lowest in intraday trading since July 4, at 1:34 p.m. in Hong Kong, according to the Bloomberg report.

The Monetary Authority of Singapore said the incident was "an isolated case". However, the regulator underlined the need for more security and vigilance in financial institutions.

The MAS is reported to be "actively engaging" with Standard Chartered on the case.

Industry reaction

"While the motivation and, in most cases, the tactics employed by the attackers are different, what has become increasingly apparent is that we now need to look at security in a different way," said Amitpal Dhillon, Senior Product Manager at Sourcefire, now a part of Cisco.

"It’s no longer a question of if you’ll get hit or even a question of when you will get hit; increasingly it’s a question of how often you will get hit. Many organizations today count the number of attacks they face in the tens of thousands every week or month.
"Given this landscape, and the seeming inevitability of getting hit, what is more important today is how quickly organizations are aware of the problem, then being able to measure how serious that issue is; and how quickly they can stop it spreading around the organization to limit the damage done.

"There are no silver bullets and security is no longer simply a question of building up the walls around your business, businesses need to have threat visibility across its entire enterprise and deal directly with the issue quickly and efficiently.

"Only by deploying a solution to execute on the entire lifecycle of the threat – before, during and after –can one ensure they are protected before, during and after the attack."


Sign up for CIO Asia eNewsletters.