The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Fugitive in Bank Data Theft Case Faces Four Years in Prison

by Chris Brook on Thursday January 10, 2019

Contact Us
Free Demo
Chat

A former bank employee - now believed to be a fugitive - is being charged with commercial espionage, among other crimes, after stealing data on the bank's clients.

An ex-employee at a Swiss bank and financial services company could face up to four years in jail for allegedly stealing company data. If police can find him, that is.

The trial was set to begin at the Swiss Federal Court in Bellinzona, a city in southern Switzerland, close to the Italian border, on Tuesday this week but was bumped back to Wednesday when the suspect failed to appear. When the suspect failed to appear for the trial's second day a prosecutor asked for a four-year sentence for breaking bank secrecy laws.

The fugitive allegedly stole data belonging to more than 200 clients, including including over 30 family foundations, of UBS Group AG, back in 2010. The suspect, who worked in the bank's trust and foundations department, reportedly sold the data to another party who distributed it German tax authorities. Authorities subsequently used that data to search the homes of 233 UBS customers.

According to Bloomberg, which reported on the trial - or lack thereof - this week, the suspect, known only as Rene S., used a portion of his earnings ($1.3 million) to buy an apartment on Mallorca, an island off the coast of Spain.

Gabriela Lenz, a human resources specialist with the bank, reportedly told Rene S.'s lawyer that UBS determined it was him by process of elimination.

“We concluded that no other person had access to all the systems that could have done this,” Lenz said.

Bloomberg doesn't say how exactly the suspect exfiltrated the data he's being accused of selling but the fact he did it in the first place, something that goes against Swiss banking secrecy laws, is crucial to the case's underpinnings.

While Swiss banking secrecy isn't as strict as it once was, one portion of the law, Article 47, says anyone who divulges clients' secrets can be sentenced to five years in prison. Rene S. is being accused of not only violating this law but also commercial espionage, money laundering – because he eventually sold that Mallorca apartment, and illegal munitions possession – because police found hollow-point bullets, prohibited by law, at the apartment.

It’s unclear what the timeline around the theft was. Despite news of the incident not coming to light until this week, Bloomberg says Rene S. stole the data nine years ago, over the course of a few days in 2010. The report doesn't say whether the employee was let go from UBS or if he left voluntarily.

The ex-employee's legal representatives apparently have no knowledge of his whereabouts but say Rene S. denies the charges against him. The lawyer, Moritz Gall, went on to suggest UBS and federal prosecutors look into an allegation made by an external asset manager the theft was carried out by a computer technician.

As Bloomberg notes, the case mirrors one involving Hervé Falciani, a former systems engineer with HSBC Holdings behind the biggest banking leak in history. In 2008 Falciani stole data on wealthy customers and leaked it to French tax authorities to publicize that it was helping foreign clients sidestep taxes. Like Rene S., Falciani didn't show up for his trial, coincidentally held at the same court, in 2015. Falciani was convicted of corporate espionage by the court but eluded capture by moving to Spain where attempts to extradite him to Switzerland have been unsuccessful.

Tags: Industry Insights, Financial Services

Recommended Resources


  • An overview of the FFIEC CAT
  • How to use the CAT to identify areas of risk
  • How Digital Guardian helps reduce these risks
  • A compliance timeline for all 18 provisions
  • Financial services case studies
  • How Digital Guardian can help

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.