Hundreds of people — including former James Bond actor Roger Moore — had their secret Swiss bank account numbers, private addresses and money transfer details exposed to public online viewing because of a technical glitch at Credit Suisse, Switzerland’s second largest bank.
Credit Suisse confirmed the glitch Thursday, saying that “data relating to prominent persons” was exposed to public viewing, but declined to say how many customers were affected. The bank insisted that security at its online service Direct Net was never breached.
Swiss newspaper Blick reported that details of 675 transactions, with amounts ranging from 48 cents to $26,113 (US$), were publicly viewable for a week. Other celebrities affected included Swiss musician DJ BoBo and German pop star Udo Juergens, who reportedly threatened to take legal action against the bank.
“This is a first-class scandal,” Juergens told Blick. “How can I feel secure at such an institution?”
Not Our Fault
Although Credit Suisse acknowledged that the glitch had occurred, it placed the blame elsewhere.
“Credit Suisse has not published any customer data on the Internet,” the bank said. “An external company did, however, enter information in the area of the Credit Suisse Web site accessible to the public.”
According to Credit Suisse, the glitch occurred when the external company was testing its Direct Net test module and, instead of using fictitious data, used “its own genuine customer data” to test the system.
Credit Suisse did not name the external company involved, but Blick reported that the company involved was Swissperform, an agency that handles royalty payments for Swiss-based performers.
Investigation Under Way
Insisting that “at no time was customer information originating from Credit Suisse available on the Internet,” the company nonetheless issued an apology and said that it “regrets the incident.”
Credit Suisse said that although the module of Direct Net in question was designated as being for testing purposes, the bank was evaluating the situation and had blocked access to the test module for the time being.
The company insisted that customer data and accounts were not accessible through the testing module, and that to get into customer accounts, users have to pass through three levels of security.
The incident came at a bad time for Credit Suisse. Wednesday, the bank announced it was launching an online investment service aimed at Europe’s “mass affluent.” To open an account, customers must have at least $42,737 worth of assets to be managed.
Despite the hefty price of admission, Credit Suisse reportedly has had 1,000 people sign up for the service.
This is not the first time that an online bank has exposed its account-holders’ confidential information to the prying eyes of the Internet public. In July, the UK’s Barclays Bank was forced to take its online banking service offline briefly after the discovery of a software glitch that allowed customers to read details of other peoples’ accounts.
The bank confirmed the glitch, but said it had only received seven complaints from 1.2 million users.