By Rachel Armstrong and Lee Chyen Yee
SINGAPORE, Dec 5 (Reuters) - Bank statements for almost 650 of Standard Chartered Plc’s private banking clients have been found on the laptop of an alleged website hacker in Singapore, the police and the British lender said on Thursday.
Standard Chartered said the February 2013 monthly statements for 647 of its clients were stolen, taken from the server of Fuji Xerox which provides printing services to the bank.
“The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously,” said Ray Ferguson, chief executive of Standard Chartered Singapore in a statement.
Singapore Police Force said the data was found on a laptop belonging to James Raj Arokiasamy. Raj is currently in custody in Singapore after he was charged last month under cyber security rules for allegedly hacking into a local government website using the moniker “The Messiah”.
Private banks around the world are particularly sensitive about client data, as a lucrative market has emerged for such information with western governments clamping down on tax evasion.
Several banks in Switzerland have had data stolen over the past five years, with some of the information making its way into the hands of governments, including Germany, which paid to see it.
The Monetary Authority of Singapore (MAS) said it was aware of the matter and investigating.
“We will review SCB’s (Standard Chartered Bank) investigation report and consider if regulatory action against the bank is warranted,” the central bank said in a statement.
MAS added it believed the incident was an isolated case but said it had reminded all financial institutions to safeguard their IT systems and customer information.
Standard Chartered said it had not found any evidence that unauthorised transactions had resulted from the incident and that it was contacting the clients whose statements were taken.
It added that customers from its retail and other banking units had not been affected.
Fuji Xerox Singapore said it had taken appropriate action to protect its servers and a forensic team was conducting a review.