Files containing data on Standard Chartered’s clients were discovered on a seized laptop. Photo: AFP
Singapore's central bank has called on financial institutions to tighten up cyber security after a database on elite customers of Standard Chartered Bank was compromised.
The Monetary Authority of Singapore (MAS) said in a statement it has "reminded all FIs (financial institutions) to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers".
Data of wealthy clients stolen from StanChart in Singapore
The information was stolen from a server used for Standard Chartered Private Bank at a printing facility, Fuji Xerox Singapore chief executive officer Bert Wong said. Other clients weren’t impacted and a forensic team is probing the breach. Photo – Bloomberg News
Standard Chartered said wealthy clients' confidential information was stolen in Singapore from a printing company, underscoring the vulnerability of global banks to attacks from hackers and thieves.
Singapore's central bank plans to consider regulatory action against Standard Chartered after reviewing the bank's investigation into the incident. The London-based lender said it hasn't found any unauthorised transactions since the theft from Fuji Xerox, which was hired to print statements for the 647 clients, and is contacting affected customers. The city's police discovered statements for February on a laptop seized from an alleged hacker.
The security breach threatens to undermine Singapore's reputation as a private-banking hub for Asia. The city is Asia's largest wealth management centre with about $800 billion in offshore assets, according to Boston Consulting. Shares of Standard Chartered, which this week forecast that earnings from its consumer-banking unit will drop, fell to the lowest in five months in Hong Kong trading.
StanChart client data stolen in Singapore via Fuji Xerox server
Bank statements belonging to hundreds of Standard Chartered's richest customers were found to have been stolen from a server at Fuji Xerox Singapore, the third party where printing was outsourced
The unauthorized access only came to light after files containing the data were found on a laptop, belonging to the recently arrested alleged hacker "The Messiah", according to Today. James Raj Arokiasamy was arrested last month and charged for hacking a government website and has been linked to a spate of other cyberattacks
Standard Chartered was notified by Singapore police of the theft of 647 of its Private Bank clients' monthly bank statement for February 2013, according to its joint statement with Fuji Xerox on Thursday
Standard Chartered says private bank client statements stolen in Singapore
The Monetary Authority of Singapore (MAS) said it was aware of the matter and investigating. "We will review SCB's (Standard Chartered Bank) investigation report and consider if regulatory action against the bank is warranted," the central bank said in a statement. MAS added it believed the incident was an isolated case but said it had reminded all financial institutions to safeguard their IT systems and customer information.
Standard Chartered said it had not found any evidence that unauthorised transactions had resulted from the incident and that it was contacting the clients whose statements were taken. It added that customers from its retail and other banking units had not been affected.
Fuji Xerox Singapore said it had taken appropriate action to protect its servers and a forensic team was conducting a review.
Standard Chartered Customer Data Stolen
Standard Chartered PLC said Thursday that hundreds of its private-banking clients had their monthly statements stolen from a server at Fuji Xerox, where the statements were being printed.
Standard Chartered said it hadn't found any unauthorized transactions since its data security was breached and that it was contacting the 647 clients affected.
The company's joint statement with Fuji Xerox didn't say whether the accounts of the affected customers were in Singapore and it didn't identify the customers. It also didn't say when the breach occurred.
647 StanChart bank statements stolen in Singapore
They were found on the laptop of an alleged hacker.
Standard Chartered said the February 2013 monthly statements for 647 of its clients were stolen, taken from the server of Fuji Xerox which provides printing services to the bank.
related: Singapore banks told to boost security after StanChart data theft
Full statement from Standard Chartered Bank
“5 December, Singapore - Standard Chartered has been notified by the police of the theft of 647 of its Private Bank clients' monthly bank statement for February 2013.
Ray Ferguson, CEO, Standard Chartered said: "The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously. Customer data protection is our responsibility and we sincerely apologise to all our customers and specifically to our Private Bank clients who have been affected.
The Bank has spared no efforts to thoroughly investigate the matter and can confirm that based on investigations to date, the theft did not occur through the Bank's IT and data security systems but through one of the servers of a third party service provider which the Bank engaged to print bank statements for its Private Bank clients. As a precautionary measure, the Bank is contacting its affected Private Bank clients.
Full coverage:Kroll Ontrack: Standard Chartered client data stolen
The Guardian: Standard Chartered says client bank statements were stolen
Times of Oman: Data of wealthy clients stolen from StanChart in Singapore
Sky News Australia: Singapore banks told to boost security
San Francisco Chronicle: Standard Chartered Says Bank Client Data Stolen in Spore
Singapore Business Review: 647 StanChart bank statements stolen in Singapore
Business Times: MAS reviewing StanChart report on bank statement theft
Channel News Asia: Singapore private banks may face steeper compliance costs
Did you know that
The theft of bank statements of StanChart’s private banking clients from Fuji Xerox took place in March?
And both bank and printer only knew about it this month after police found them on James Raj’s laptop?
Also, Fuji Xerox has said that “definitely no employee” is involved. So maybe James Raj is a super hacker, and you wonder what use was made of those 647 bank statements in the intervening eight months before his arrest.
Hacking in Singapore: Messiah complicated
The name James Raj Arokiasamy may or may not trip off the tongue, but it has been everywhere in the city-state’s media in recent days. Mr James Raj, who may or may not be a.k.a. “The Messiah”, stands accused of hacking into at least two government websites as well as that of a scandal-plagued singer and churchman. In all, as many as 19 government websites were taken down simultaneously on the afternoon of November 2nd. (Three hours later a government agency used Twitter to announce that the sites were down due to “planned maintenance”.)
And then the story gets complicated. Since Mr James Raj’s arrest in early November, a series of copycat attacks have compromised the websites of high government offices, a government-friendly newspaper and others, using cross-scripting and DDoS attacks. On November 22nd the websites of 13 schools were defaced in less than two hours’ time.
And on December 5th, Standard Chartered, an international bank, said that data belonging to some 647 if its “high net-worth” clients were stolen from a server at Fuji Xerox Singapore. Here the link to Mr James Raj seems clear: the data is said to have been retrieved from his laptop.
S’poreans feel safe as Standard Chartered loses 647 Private Bank’s clients’ data to hacker
Bank did well as they did not lose data to anyone else, such as someone working in the bank
Singaporeans from all walks of life with varying amounts of money in the bank are glad that Standard Chartered has lost 647 Private Bank’s clients’ data to the hacker, James Raj, also allegedly known as, The Messiah.
This after files containing data on Standard Chartered Bank’s clients were found in a laptop seized from James Raj, who had been arrested by police in November for defacing some websites.
One Singaporean, Jin Wu Lui, said he is heartened that it took a hacker to break into the server to steal the personal data: “Imagine if the data was lost to a staff working in the bank itself. That would have been disastrous as it would be an inside job.”
2 Million More Passwords For Facebook, Google, Twitter, Other Sites Were Stolen And Posted To The Net
Hackers managed to steal user passwords through keylogging software. The software records all your credentials, including passwords and route information, to the proxy server (a computer system or an application that acts as an intermediary for requests from client seeking resources from other servers), making it impossible to know which computers have the virus. The hacking began on October 21 of this year.
John Miller, security research manager at Trustwave, said that the hack wasn’t due to an imperfection in any of those company’s servers. “It was the individual users’ computers that had the malware installed on their machine,” he said.
Hackers Are Attacking Millions Of Computers And Demanding Ransom In Bitcoins
Before you mail holiday gifts to far-away friends and relatives, back up your most important computer files. There's a scary new computer virus called CryptoLocker that was spreading like crazy in the U.K. last month and is now crossing over to infect U.S. computers.
The National Crime Agency in the U.K. issued an alert last month saying that hackers have targeted "tens of millions" of computers.
CryptoLocker is a form of a virus called "ransomware," meaning hackers do something bad to your computer and then demand money to reverse what they've done. In this case, CryptoLocker encrypts the files on your computer. Then you get a pop-up notice on your computer telling you that you must pay if you want your files back.
Here's A Great Idea For Creating Passwords That Are Easy To Remember But Hard To Hack
The most popular passwords are "123456" or the even more clever "123456789" or the ever-popular "password." (Here's a list of the top 25 passwords to avoid.) After we wrote about 2 million more user names/passwords found on the net this week, we heard from computer security expert Neal O'Farrell, executive director of The Identity Theft Council.
He offered this excellent tip about how to create easy-to-remember passwords that are hard for hackers to guess: Don't use passwords, use passphrases.
Analysis reveals popular Adobe passwords
"123456" was the most popular password among the millions of Adobe users whose details were stolen during an attack on the company.
About 1.9 million people used the sequence, according to analysis of data lost in the leak.
Online copies of the data have let security researchers find out more about users' password-creating habits.
The analysis suggests that many people are making it easy for attackers by using easy-to-guess passwords.
Adobe hack worse than first reported
Malware mastermind suspect arrested
Adobe confirms data security breach
Adobe in source code and customer data security breach
Adobe says cyber attacks have become an "unfortunate" part of doing business
The attackers accessed encrypted customer passwords and payment card numbers, the company said. But it does not believe decrypted debit or credit card data was removed.
Adobe also revealed that it was investigating the "illegal access" of source code for numerous products, including Adobe Acrobat and ColdFusion.
"Anonymous" Hackers arrested & charged in Court