A former Credit Suisse employee leaked employees' historic bonus data
Just when it seemed that things might be settling down at Credit Suisse following last week's poor fourth quarter results, there is another ruckus. An email from the bank went out to what are thought to be thousands of current and previous Credit Suisse employees today, saying that their personal information has been leaked by a rogue employee.
Seen by eFinancialCareers, the email states that, "an individual employee, who has since left the firm and had legitimate access to your personal data at the time of their daily work, inappropriately copied this information without Credit Suisse authorisation onto their personal device."
It says that the information in question includes "salary and variable compensation" for the period between 2013 and 2015, plus the bank account details used to pay bonuses and salaries during that period. There is no evidence that the data has been used maliciously or forwarded to other individuals.
A forensic investigation has been conducted into the leak, which was the result of the illegal data theft by an individual employee rather than a failing of Credit Suisse systems. The bank first identified the issue in March 2021 and conducted an immediate investigation, before being impacted by court delays resulting from COVID. As a result, Credit Suisse was compelled to get a search and seizure order to prevent the dissemination of the data while it continues to pursue enforcement action against the ex-employee.
Current and former Credit Suisse employees affected by the leak are invited to obtain a 12-month identity monitoring service from Experian, paid for by Credit Suisse, and the bank has opened a hotline for anyone concerned about identity theft.
"It's more bad news," says one former director at the bank who left last year, who said many former employees are concerned that their data has been compromised, even though the letter makes it clear that this isn't the case.
In a statement, Credit Suisse said: “Credit Suisse has recently addressed a data security incident that involved information relating to a number of Credit Suisse personnel. This data was moved some years ago by a former employee, with legitimate systems access, to their personal device - in breach of Credit Suisse policies and procedures. Having investigated it thoroughly, we have taken and are continuing to take steps – including legal remedies – to adequately contain the incident. To date, there is no evidence of any onward transmission or intent to use the data in any way.”
Relevant regulators and data protection authorities have been informed.
Have a confidential story, tip, or comment you’d like to share? Contact: firstname.lastname@example.org in the first instance. Whatsapp/Signal/Telegram also available (Telegram: @SarahButcher)
Bear with us if you leave a comment at the bottom of this article: all our comments are moderated by human beings. Sometimes these humans might be asleep, or away from their desks, so it may take a while for your comment to appear. Eventually it will – unless it’s offensive or libelous (in which case it won’t.)