HSBC admits huge Swiss bank data theft

HSBC has offered an unreserved apology to customers

About 24,000 clients of HSBC's private banking operation in Switzerland had personal details stolen by a former employee, the company has admitted.

In December, HSBC said that just 10 account holders were affected by the theft, which happened three years ago.

The information stolen concerns 15,000 accounts that are still active. Another 9,000 accounts have been closed since the theft.

HSBC says that it does not think the data can be used to access accounts.

"We deeply regret this situation and unreservedly apologise to our clients for this threat to their privacy," said Alexandre Zeller, chief executive of HSBC Private Bank (Suisse).

"We are determined to protect our clients' interests and are taking every necessary measure to do so, actively contacting all our clients with Swiss-based accounts," he said.

The former employee, Herve Falciani, who worked in HSBC's IT division, fled to France while under investigation in Switzerland.

French authorities subsequently seized the data, and then passed it to the Swiss Federal Prosecutor.

Switzerland's financial and banking regulator said it had launched "formal administrative proceedings against HSBC" over the security breach, adding that the stolen data was "extensive".

HSBC, which first learnt of a data breach in December 2008, said it had since invested 100m Swiss francs ($93.3m; £62.3m) to upgrade and improve the security of its data systems.

Mr Zeller said, however, that it was "still unclear how Falciani managed to steal the information".

He said that HSBC had only become aware of the extent of the leak after Swiss authorities received the information from France and then alerted the bank on 3 March.

HSBC said that the account holders were based in several European countries, including Britain.

Tax evasion

News of the theft comes as the US and some countries in Europe try to crack down on tax evasion through the use of overseas accounts.

In recent years there has been pressure on Switzerland and Liechtenstein to become more transparent about accounts held there.

This is thought to have led to some bank employees stealing account data and passing it to tax authorities.

In Germany, an anonymous informer has offered to sell data stolen from an unnamed Swiss bank to tax officials.

Previously, Germany bought similar stolen data about clients of a bank in Liechtenstein. Some of this information was handed to tax authorities in the UK, which is also thought to have paid for the data.

French tax authorities are thought to be investigating up to 3,000 of its nationals using bank accounts outside the country.

Government authorities have defended paying for stolen data as in the public interest. However, the practice has been strongly criticised.

The UK's Revenue & Customs (HMRC) office paid around £100,000 for information about its taxpayers with bank accounts in Liechtenstein, according to accountants UHY Hacker Young.

"Paying criminals for data stolen from banks is highly questionable," said the firm's tax partner, Roy Maugham.

"If people know that there is a market for this data, they will steal it in expectation that HMRC or another tax authority will hand over a six figure sum," he said.