Swiss financial sector regulator FINMA is investigating the theft of data from up to 24,000 clients of the Geneva private bank of HSBC Holdings.
The bank said it has contacted the affected customers, but does not believe the data has or will allow any unauthorised person to access their accounts.
The data was stolen in 2006 and 2007 by former IT employee, Herve Falciani, who tried to sell the stolen information for more than £2m in France.
The theft has raised concerns that UK and other tax authorities will user the information to identify potential cases of tax evasion.
But HSBC said the French authorities had informed their Swiss counterparts that the information would not be used inappropriately.
FINMA is investigating whether HSBC failed to meet legal requirements to prevent data theft.
Falciani was able to steal the data using privileged account access while working on a project to transfer the bank's database to a more secure system.
"This is yet another powerful example of the significant risk of unmanaged and unmonitored privileged accounts," said Udi Mokady, chief executive at security firm Cyber-Ark.
But it is also surprising, he said, because most organisations now understand the high risk of not using the available tools for controlling their privileged accounts and superusers, and not recording their privileged sessions.