HSBC Holdings under investigation after Swiss data theft

Swiss financial sector regulator FINMA is investigating the theft of data from up to 24,000 clients of the Geneva private bank of HSBC Holdings.

Swiss financial sector regulator FINMA is investigating the theft of data from up to 24,000 clients of the Geneva private bank of HSBC Holdings.

The bank said it has contacted the affected customers, but does not believe the data has or will allow any unauthorised person to access their accounts.

The data was stolen in 2006 and 2007 by former IT employee, Herve Falciani, who tried to sell the stolen information for more than £2m in France.

The theft has raised concerns that UK and other tax authorities will user the information to identify potential cases of tax evasion.

But HSBC said the French authorities had informed their Swiss counterparts that the information would not be used inappropriately.

FINMA is investigating whether HSBC failed to meet legal requirements to prevent data theft.

Falciani was able to steal the data using privileged account access while working on a project to transfer the bank's database to a more secure system.

"This is yet another powerful example of the significant risk of unmanaged and unmonitored privileged accounts," said Udi Mokady, chief executive at security firm Cyber-Ark.

But it is also surprising, he said, because most organisations now understand the high risk of not using the available tools for controlling their privileged accounts and superusers, and not recording their privileged sessions.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close