Standard Chartered Plc said wealthy clients’ confidential information was stolen in Singapore from a printing company, underscoring the vulnerability of global banks to attacks from hackers and thieves.
Singapore’s central bank plans to consider regulatory action against Standard Chartered after reviewing the bank’s investigation into the incident. The London-based lender said it hasn’t found any unauthorized transactions since the theft from Fuji Xerox Co., which was hired to print statements for the 647 clients, and is contacting affected customers. The city’s police discovered statements for February on a laptop seized from an alleged hacker.
The security breach threatens to undermine Singapore’s reputation as a private-banking hub for Asia. The city is Asia’s largest wealth management center with about $800 billion in offshore assets, according to Boston Consulting Group. Shares of Standard Chartered, which this week forecast that earnings from its consumer-banking unit will drop, fell to the lowest in five months in Hong Kong trading.
“It’s a bank issue, but it’s also a regulatory issue,” Sandy Mehta, chief executive officer of Value Investment Principals Ltd. in Hong Kong, said by phone. “Even in some of the most sophisticated jurisdictions like Singapore, there just needs to be more focus on operations and controls for banks.”
The information was stolen from a server used for Standard Chartered Private Bank at a printing facility, Fuji Xerox Singapore Chief Executive Officer Bert Wong said in a statement yesterday. Other clients weren’t impacted and a forensic team is probing the breach, he said.
The data was found on a laptop taken from James Raj Arokiasamy in the course of investigations, the police said in a separate statement yesterday. The Singaporean was charged on Nov. 12 with causing unauthorized modifications on a municipal council website by posting an image of a Guy Fawkes mask, symbol of the international hacker group Anonymous. The charges followed cyber attacks in November on websites across Southeast Asia for which Anonymous claimed responsibility.
Arokiasamy’s lawyer, M. Ravi, declined to immediately comment today.
“This incident will raise questions about Standard Chartered’s ability to deal with client data,” Ronald Wan, chief China adviser at Asian Capital Holdings Ltd., said by telephone. “Regulators and financial institutions need to think about whether there should be more stringent oversight and requirements on third-party service providers.”
Shares of Standard Chartered dropped 2.8 percent to HK$169.20, the lowest close since July 3 in Hong Kong trading.
The Monetary Authority of Singapore is “actively engaging” with Standard Chartered on the theft, which is an isolated case, the central bank said.
“Globally, financial institutions have been facing an increasing number and variety of cyber threats,” the central bank said in a statement yesterday. The theft “underscores the need for heightened vigilance in FIs, including close management of risks pertaining to service providers.”
The incident should remind banks and other financial institutions of the need to have “robust” systems and technology infrastructure to protect client data, Ong-Ang Ai Boon, a director of the Association of Banks in Singapore, said in an e-mailed statement.
“ABS and our members are cognizant of this and are constantly vigilant in our efforts to combat cyber threats and crime,” Ong-Ang said.
Switzerland is the world’s largest offshore wealth-management center, with $2.2 trillion in assets, according to Boston Consulting in May. Hong Kong and Singapore manage a combined $1.2 trillion.
“The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously,” Ray Ferguson, chief executive officer of Standard Chartered Singapore, said in yesterday’s statement.
About 8.2 percent of households in the city-state have assets of $1 million or more, giving it the fifth-largest proportion behind Qatar, Switzerland, Kuwait and Hong Kong, Boston Consulting said in May.
“Hackers are seeing the profit potential in accessing bank data and undoubtedly selling it to tax and enforcement authorities worldwide, not to mention the more significant possibility of outright theft,” said Scott D. Michel, president of Washington-based law firm Caplin & Drysdale Chartered. “I suspect we will see more of them globally in the next couple of years.”