The Swiss bank that suffered a major information security breach, which led to the theft of private information of tens of thousands of clients, reported the true scale of the incident last week, following the return of some of the data to the bank by the Swiss authorities.
About three years ago, a former IT employee allegedly stole account information of about 15,000 clients who had active accounts with the bank's Geneva-based branch, HSBC said on Mar. 11. About 9,000 accounts that had been closed by the time the incident occurred were affected as well, according to a Bloomberg report.
HSBC has data centers in Europe, Hong Kong, Chicago and Mexico City.
According to MarketWatch, the bank had previously reported that less than 10 clients were exposed to the data theft.
Pledging to never let such a breach happen again, the bank said it had spent 100 million Swiss francs on security-system upgrades since the incident.
Clients affected were limited to those who had accounts in Switzerland before Ocober 2006, HSBC said.
\"We deeply regret this situation and unreservedly apologize to our clients for this threat to their privacy,\" CEO of HSBC Private Bank (Suisse) CEO Alexandre Zeller said in a statement. \"We are determined to protect our clients' interests and are taking every necessary measure to do so, actively contacting all our clients with Swiss-based accounts.\"
The Swiss federal prosecutor returned copies of a portion of the data in March. These files were originally seized from the suspect by the French authorities, who still hold much of the data. HSBC said the French had informed the Swiss authorities they would not use the data \"inappropriately.\"
Related white paper: Critical and hypercritical facilities: security considerations