LONDON/GENEVA (Reuters) - HSBC (HSBA.L), Europe’s biggest bank, said a theft of data by a former employee affected up to 24,000 Swiss client accounts, dealing a hefty blow to the reputation of its private bank.
Switzerland’s financial regulator FINMA was investigating the theft, it said on Thursday, while a source close to the UK’s Financial Services Authority, the bank’s lead regulator, said the FSA was “aware” of the situation.
The bank had previously said “less than 10 clients” were affected after Herve Falciani — a former HSBC computer specialist — stole client data from the bank which he handed over to French tax authorities.
“The theft, which was perpetrated by a former IT employee about three years ago, involves approximately 15,000 existing clients who had accounts with the bank in Switzerland before October 2006,” HSBC said in a statement.
On top of that, up to 9,000 accounts that had been closed in the past were affected. These accounts often were not big enough to be eligible for private banking services, the bank said. It has 100,000 clients in Switzerland.
The controversy comes at a sensitive time for the secretive sector — which serves rich clients — with countries sometimes using stolen client data to chase tax evaders, a practice one Swiss lawmaker has likened to bank robbery.
Swiss banking giant UBS UBSN.VX(UBS.N) has seen billions of Swiss francs of client money gush from its wealth management operations amid repeated blows to its reputation from a high-profile U.S. tax case and massive writedowns that forced it to accept a government bailout in the crisis.
Germany’s Finance Minister, Wolfgang Schaeuble, raised the bar in the fight against tax evasion further last month, saying Berlin was prepared to pay for stolen data on potential tax cheats at an unnamed Swiss bank.
Switzerland’s FINMA regulator was investigating how “a data theft to this extent could have happened” and whether the measures taken by HSBC to prevent a repeat complied with legal requirements, it said in a statement.
HSBC shares lost further ground after the statement, off 1.2 percent at 697.8 pence at 1300 GMT, underperforming a 0.5 percent weaker European banking sector .SX7P.
HSBC said in December that an ex-employee had stolen data from its Swiss private bank’s headquarters in 2006 and 2007, but said to the best of its knowledge fewer than 10 clients were involved.
HSBC “unreservedly apologized” to clients for the threat to their privacy on Thursday, but said Swiss authorities said they will not support the use of the stolen data to answer requests from foreign authorities about tax issues.
Falciani is also reported to have attempted to sell the data to Germany for 2.5 million euros ($3.39 million), which tax investigators there estimated could rake in 100 million euros for German coffers.
Alexandre Zeller, CEO of HSBC’s private bank in Switzerland, said Falciani transferred data onto a computer other than the one the bank issued him and fled to neighboring France while under investigation.
Data theft risk was endemic to the business, Zeller said, adding that the bank had already added protection against this with USB keys and other technologies.
“We will always have new threats and we always have to invest more to ensure the IT security is all it can be,” Zeller said. “At the end of the day, whatever you do, the human factor will remain. Private banking is a business of trust.”
The stolen client information is limited to accounts in Switzerland, excluding ex-HSBC Guyerzeller accounts.
Additional reporting by Douwe Miedema and Jason Rhodes; Editing by Rupert Winchester