Citibank has taken two former employees to court after they sent private client information to their personal e-mail accounts shortly before they started working for a rival bank. Experts at InfoWatch point out that this is one of the most basic types of insider-related leaks: the private data is sent to a personal e-mail and then taken by the insider to his new workplace.
Citibank has sued two of its former Singapore-based employees. The bank has accused the insiders of copying confidential client information shortly before they went to work at rival bank UBS. The case is being heard by Singapore’s High Court.
Citibank stated in an affidavit that Jonathan Seah, a branch manager whose clients included high net worth individuals with substantial assets and investments ranging from a few hundred thousand dollars to over S$10 million, had sent confidential information to his personal e-mail address. It said the information included data about customers and their investments, an organizational chart of the bank, as well as other details.
The rapid rise of private banking in Singapore has led to a shortage of highly trained bankers, sales staff and relationship managers, which in turn has resulted in banks poaching specialists from their rivals.
Industry analysts say it is common for private bankers to try to take their clients with them to their new employer, but it is rare for banks to take legal action over such practices.
Singapore has a highly competitive market with players such as UBS, Credit Suisse, HSBC and Citibank. This is most likely the reason behind Citibank saying in its affidavits that Seah had breached his contract.
Specialists at Citibank noticed that the former employee changed the way he used his e-mail account in the few days before he resigned. In particular, he sent a lot more messages than usual. The bank has suggested that he took the confidential information to prove his worth to his new employer.
Citibank’s affidavit also mentions another former employee. Estehr Lim is accused of sending Jonathon Seah the names, addresses, contact and financial details of Citibank clients shortly before she resigned from the bank. Citibank said the e-mail was sent after Seah's official last day with the bank and Seah "had no business receiving these e-mails". It added that Lim had no reason to send Seah the materials "unless there was such an intention to use this information together". The bank is now seeking costs and damages that could have been incurred from their actions.
“E-mail is the most common channel for data leaks. It is essential for finance companies to employ security systems that safeguard against leaks and insiders. Maybe it won’t prevent the private details on a single client from being stolen, but it will prevent an insider from taking the details of several clients. The system also immediately blocks such activity, informs the security officer and provides evidence of the insider’s guilt,” explains Denis Zenkin, marketing director at InfoWatch.
Source: Reuters
