StanChart client data on laptop of 'The Messiah'
A TOTAL of 647 Standard Chartered private-banking clients in Singapore have had their information stolen, the bank said last night.
The announcement came at the same time as police said they had discovered files containing StanChart's clients' data on a laptop seized from James Raj Arokisamy, who allegedly hacked several websites earlier this year using the moniker "The Messiah".
The police recently informed the bank, which then lodged a police report on Monday.
At a hastily arranged briefing yesterday, StanChart's chief executive for Singapore, Mr Ray Ferguson, said the private-banking clients' monthly statements for February this year were accessed illegally.
He added that the theft did not occur through the bank's IT and data-security systems.
Instead, the information was stolen from one of the servers of a third-party service provider, Fuji Xerox, which had been hired to print bank statements for StanChart's private-banking clients.
Fuji Xerox said the server was housed in a stand-alone printing facility.
No clients from StanChart's other banking divisions - including retail, wholesale and SME baking - were affected. The bank has also not found any unauthorised transactions resulting from the incident. StanChart is currently contacting the affected clients.
James Raj was arrested last month in Malaysia while on the run from drug-related charges. He was brought back to Singapore and was later charged with making unauthorised modifications to the Ang Mo Kio Town Council website.
He is also believed to be involved in other cyber intrusions, including that of The Straits Times' blog site and the PAP Community Foundation's website.
James Raj faces three charges for drug consumption as well.
Fuji Xerox Singapore chief executive Bert Wong said this was the first time in the company's history that such an incident has occurred, and it "deeply regrets" the incident.
The company has taken action to protect its servers, and a forensic team is conducting a review. There was no impact on the data of customers on any other systems.
Last night, the Monetary Authority of Singapore (MAS) stressed that the theft is an "isolated case" which underscores the need for "heightened vigilance" among financial institutions (FIs), including closely managing the risks in engaging service providers.
It said it will review StanChart's investigation report and will consider taking regulatory action against the bank, if warranted.
It said: "Globally, FIs have been facing an increasing number and variety of cyber threats. MAS takes a serious view of such threats and has stringent requirements in place for FIs to protect the security of their IT systems and confidentiality of their client data."