The bank said the theft case involved existing clients who had accounts with HSBC Private Bank (Suisse) in Switzerland before October 2006. Clients outside the Swiss branch were not affected. Many wealthy individuals in Hong Kong use Swiss private banking services.

HSBC said an unnamed former information technology employee carried out the theft three years ago. He had tried to sell the stolen information but failed.

The bank said Swiss authorities earlier this month returned the stolen data files to HSBC, which showed that client information had been compromised. As a result, the global lender is contacting customers to explain and apologise.

The bank said the stolen information, which had been seen by Swiss and French investigators, would not be handed over to other foreign authorities that seek access for tax purposes. Swiss banks are under pressure from United States and European tax authorities, who want to review private bank accounts to uncover tax dodgers.

During the investigation in Switzerland, the thief fled to France, where he was subsequently caught and the stolen files seized. The French passed the files to the Swiss Federal Prosecutor, who handed the copies back to HSBC on March 3.

'We deeply regret this situation and unreservedly apologise to our clients for this threat to their privacy,' said Alexandre Zeller, chief executive of HSBC Private Bank (Suisse). 'We are determined to protect our clients' interests and are taking every necessary measure to do so.'

HSBC said it had spent more than 100 million Swiss francs (HK$722.58 million) to upgrade its security systems in the past three years.

'We have substantially upgraded our systems and done everything in our power to ensure this sort of attack could not happen today,' said Chris Meares, chief executive of HSBC Global Private Banking.

Legislator Chim Pui-chung, who represents the financial services sector, said the apology from HSBC had come too late.

'The theft happened three years ago, so why did the bank only contact clients now,' he said. 'As a responsible bank, HSBC should have informed the clients and public about the data theft once it noticed it.'

An HSBC spokesman said the Swiss media had reported the theft and the bank had not covered it up.

'HSBC could only get a full picture of the case after the authorities passed the files back to us on March 3,' he said.

The spokesman said the bank had monitored all accounts at the Swiss private bank and confirmed that no losses had occurred and that no third parties had accessed the accounts.

To be a client of HSBC private bank, individuals need at least US$2 million in liquid assets, excluding their primary residence.

A criminal investigation led by the Swiss authorities into the theft is under way.