The AP is reporting that Customers having Swiss bank accounts with HSBC between late 2006 and early 2007 had their account information stolen by a former IT employee of an HSBC subsidiary. CBS News, also publishing an AP report, is stating that the number is 15,000 customers, although the 24,000 number appears to be a later publication time. Customers affected are worldwide in scope.
If you were one of the affected customers, you apparently are already aware of the data breach because HSBC says that it contacted you. Stated another way, HSBC contacted you to tell you that your (presumably) secret Swiss bank account is not so much of a secret anymore.
The accounts have been closed, and there does not appear to be any real risk that the information will be used to access account holders’ accounts. That may sound reassuring to the customer being contacted. That is, unless the customer asks a few more questions.
“Well, where is my information,” you may have asked if you were one of the customers contacted. You probably had spent years funneling this money into your secret, non-taxed, Swiss bank account. You will not be happy if some criminal takes your illegally shielded money.
This is where the story takes an interesting turn. Apparently, the IT employee was not content to let the information sit in a drawer, and the data was "turned over" to the French government. What could possibly come from that, right?
We have read reports that the German government may be buying information on Swiss account holders. Now we can add the French government to that list. France released the names of 3,000 Swiss account holders in 2009. The AP story cites the same IT employee as one of the sources of the information on those 3,000 account holders.
Apparently the stolen data was returned by the French government to the Swiss government, and eventually made its way back to HSBC. Thank goodness. But wait, France still has copies of the information. Not to worry, the information will not be used "inappropriately" by the French government. It does, however, remain to be seen whether an appropriate use would be the prosecution of tax evaders.
It also is not immediately apparent what sanctions HSBC may face as a result of the breach, which triggers very strict, European privacy laws.