SINGAPORE - The practice at Standard Chartered Bank of using a third-party firm to print the monthly statements of its wealthy clients is not followed by three leading private banks here. UBS, Credit Suisse and Bank of Singapore all said they do not outsource the printing of such documents.
"All data remains within UBS infrastructure at all times. At no point in the production process is data transferred externally to a third-party vendor," UBS said.
Bank of Singapore said it does not outsource printing of any materials containing customer information, while Credit Suisse said client statements are printed in-house using its own infrastructure and on its own premises.
Their comments come after dramatic revelations by StanChart on Thursday that the February bank statements of 647 of its private banking clients had been stolen from a server at Fuji Xerox, which was hired to print the material. Police found the statements on the laptop of James Raj Arokiasamy, the alleged hacker behind "The Messiah" pseudonym charged with accessing a town council website. It is not clear how the documents were stolen from the server or how they landed on James Raj's laptop.
Fuji Xerox told The Straits Times that police removed a server and desktop on Thursday from an offsite printing facility used to serve StanChart Private Bank.
The bank statements would likely have contained detailed, highly confidential information such as the clients' home addresses and amount of funds held with the bank. In the wrong hands, such data could be used for a range of criminal activity, said Mr Bryan Tan, a partner of law firm Pinsent Masons MPillay. "For example, it could be used for identity theft - someone could use that data to apply for loans in your name."
The Association of Banks in Singapore said the incident is a stark reminder for all financial institutions to ensure their IT infrastructure and systems are "robust and hardened" - a sentiment echoed by various banks.