The Wall Street Journal reports that HSBC Holdings is saying that a former employee stole account information on 24,000 from its private Swiss bank and that the information has ended up in French government hands. HSBC had originally said last year that less than ten clients had been affected by the theft. A New York Times article says that there are about 100,000 clients in HSBC's Swiss private bank.
The theft was carried out in 2006 and 2007 by an HSBC IT employee in Switzerland who then tried to sell the information to various governments looking for tax cheats. When HSBC found out, the employee fled to France where French officials eventually confiscated HSBC's client information. While wanted in Switzerland on criminal theft charges, the employee remains free in France.
French officials have returned the stolen information to HSBC but also say they plan to use a copy of the information to pursue domestic tax evaders.
Governments such as Germany have been more than happy to receive stolen bank account data from Swiss banks in the search for tax cheats. Last month, Germany confirmed that it would be more than willing to pay for such information.
While I am not very sympathetic to tax evaders, it seems to me that this is a very slippery slope for governments to operate on. Does one crime justify the hypocritical encouragement of another? Where does the buying of stolen information stop?
For instance, what if the Swiss government, in retaliation, decides to announce that it will be more than happy to buy stolen personal information - say embarrassing medical information on certain German politicians - that it will share with German newspapers? Would that be justifiable as well?
I think not - but if I were in the Swiss government, I might be awfully tempted to make the offer.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.