Singapore banks told to boost security after StanChart data theft

PUBLISHED : Friday, 06 December, 2013, 6:13pm
UPDATED : Friday, 06 December, 2013, 6:13pm

Singapore’s central bank has called on financial institutions to tighten up cyber security after a database on elite customers of Standard Chartered Bank was compromised.

Police confirmed on Friday that information on private-banking clients of the British lender had been found in the laptop of a Singaporean man charged with hacking the parliamentary district website of Prime Minister Lee Hsien Loong.

The Monetary Authority of Singapore (MAS) said in a statement it has “reminded all FIs (financial institutions) to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers”.

“MAS is paying special supervisory attention to FIs’ compliance with MAS’ requirements for IT outsourcing.”

In a statement, the Singapore Police Force said it discovered files containing data on Standard Chartered’s clients in a laptop seized from James Raj when he was arrested on November 4 in Malaysia.

The 35-year-old was extradited to Singapore and charged on November 12 with hacking the Ang Mo Kio district website, whose MPs include Lee, and posting the image of a Guy Fawkes mask used by international hacker group Anonymous.

The alleged hacking was among a string of cyber attacks that have also targeted the official websites of Lee and President Tony Tan as well as pro-government media.

Some of the attackers denounced new rules requiring news websites in Singapore to obtain annual publication licences, but other hacking incidents appear to be unrelated.

Standard Chartered, whose biggest shareholder is Singapore’s state investment firm Temasek Holdings, said in a statement the monthly statements of 647 private banking clients for February this year were stolen from the servers of Fuji Xerox, which it had engaged for printing services.

“The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously,” Ray Ferguson, the bank’s chief executive, said in the statement.

“Customer data protection is our responsibility and we sincerely apologise to all our customers and specifically to our private bank clients who have been affected.”

The bank said no unauthorised transactions resulted from the incident, and that its retail and other banking units were not affected.

The MAS said it was investigating the matter and while it was an “isolated case” it underscored the need for greater vigilance.

“Globally, financial institutions have been facing an increasing number and variety of cyber threats,” it said.

“MAS takes a serious view of such threats and has stringent requirements in place for FIs to protect the security of their IT systems and confidentiality of their client data.”

Singaporean lawyer M Ravi, who is representing Raj, did not immediately comment on the matter.

Raj was denied bail on Wednesday after a court ruled that he posed a flight risk.

He has yet to comment on his links to Anonymous, an amorphous group of global hackers.