Credit Suisse Group AG notified its workforce about a 'rogue' employee, who has since left the Swiss bank, stole personal data, including salaries and bonuses, of other employees.
Recruitment company eFinancialCareers first reported the former employee stole personal data years ago. At the time, the staffer had legitimate access to employee data and transferred it to a personal device in breach of company policies.
eFinancialCareers provided a snippet of the email that went out to employees:
"An individual employee, who has since left the firm and had legitimate access to your personal data at the time of their daily work, inappropriately copied this information without Credit Suisse authorization onto their personal device."
The email outlined that "salary and variable compensation" data between 2013-15 was taken. Also, bank account information to pay bonuses and salaries was copied onto the personal device.
The Swiss bank first discovered the issue in March 2021. "There is no evidence that the data has been used maliciously or forwarded to other individuals," eFinancialCareers said.
Credit Suisse released this statement about the incident:
"Credit Suisse has recently addressed a data security incident that involved information relating to a number of Credit Suisse personnel. This data was moved some years ago by a former employee, with legitimate systems access, to their personal device - in breach of Credit Suisse policies and procedures. Having investigated it thoroughly, we have taken and are continuing to take steps – including legal remedies – to adequately contain the incident. To date, there is no evidence of any onward transmission or intent to use the data in any way."
A former director at the bank told eFinancialCareers that employees are concerned about their data being compromised. The person added: "it's more bad news" for the bank embroiled in scandals and experienced a "staggering" bank run in 2022.