A Swiss unit of global banking giant HSBC revealed Thursday that details on 24,000 bank customers may have been leaked in a major security breach that has helped fuel pressure on Switzerland over tax evasion.
Alexandre Zeller, chief executive of HSBC Private Bank (Switzerland), said 9,000 of them had left the bank since the the data theft by a computer expert three years ago, and 15,000 of its remaining customers were concerned by the case.
Switzerland’s financial and banking regulator announced that it had launched “formal administrative proceedings against HSBC” over the security breach, noting that the stolen data was “extensive.”
Shortly after the case first came to light in France in December, the bank said that to its knowledge the stolen data concerned fewer than 10 clients.
On Thursday, HSBC Private Bank apologised to its clients in a statement and said it was only just coming to understand the full extent of the leak.
“It is now clear that the theft, which was carried out by an employee of the IT department about three years ago, could concern about 15,000 current clients whose accounts were opened in Switzerland before October 2006,” Zeller said.
The incident triggered a brief spat between Switzerland and France last year amid pressure on Swiss banking secrecy,
Acting on a Swiss warrant over the theft, French authorities recovered the data from former computer specialist Herve Falciani and then said they were probing suspected evasion by French taxpayers with secret Swiss accounts.
“It’s still unclear how Falciani managed to steal the information,” Zeller admitted. Falciani had worked for the bank for seven years.
HSBC insisted that client data in the bank’s branches outside Switzerland or other parts of the banking group were not affected because of distinct computer and security systems.
But Zeller said the affected clients “were not all French” and declined to give further details.
HSBC said it was only been able to evaluate the extent of the leak after it received the copies on March 3 from the Swiss attorney general’s office.
The Swiss Financial Markets Supervisory Authority said in a statement that it had launched proceedings against the bank this month.
“It is investigating how in 2007 a data theft to this extent could have happened and if the organisational and technical measures implemented by HSBC since this incident to prevent such occurrences comply with the legal requirements,” it added.
Zeller said the data came in the form of “sophisticated computer files” rather than a list of customers, and could not be exploited to gain access to accounts.
The bank spent 100 million Swiss francs to bolster security in the last three years and is “actively contacting all our clients who have accounts open in Switzerland,” he added.
Switzerland and France announced they had resolved their dispute over the affair last month.
France sent copies of the data to Switzerland and gave an assurance that it would not be transmitted to other countries.
The dispute had halted ratification of a new dual taxation treaty between the two countries, which is aimed at boosting cooperation on tax fraud and marks a softening of Switzerland’s closely-guarded banking secrecy.
It is one of a string of deals struck by the Swiss to fall in line with international standards against tax evasion, following months of pressure by the United States and leading European economies.
In Germany, an anonymous informer has offered to sell data stolen from an unnamed Swiss bank to tax authorities.
Zeller said the Falciani affair had so far had a marginal impact on bank’s business.
Figures released by the Geneva-based bank showed that there had been net asset withdrawals of 1.0 billion Swiss francs in Europe over the whole of 2009.