Credit Suisse Says Rogue Staffer Took Personnel, Salary Data

Credit Suisse Group AG warned part of its workforce that a former employee copied and took some of their personal data years ago, including descriptions of their compensation.

(Bloomberg) — Credit Suisse Group AG warned part of its workforce that a former employee copied and took some of their personal data years ago, including descriptions of their compensation.

The staffer, who had legitimate access to data at the time, transferred the information onto a personal device in breach of Credit Suisse policies and later left the company, the Swiss bank told employees in emails and letters, a copy of which was obtained by Bloomberg.

The breach was initially detected in March 2021, and after an internal investigation and attempts to recover the information, the bank notified employees this week, according to a person with direct knowledge of the matter. Part of the delay stemmed from the bank’s effort to identify who took the information, a process that involved going to court, the person said.

The revelation of the data theft comes as Credit Suisse tries to restore employee morale and client confidence following a series of losses and oversight lapses. In another case involving a rogue banker, the firm is still struggling to resolve a series of lawsuits from a billionaire client over hundreds of millions of dollars. A data leak involving thousands of former Credit Suisse clients, meanwhile, has drawn the scrutiny of Swiss prosecutors.

Read more: Credit Suisse Crisis Is Laid Bare in Four Disastrous Episodes

Finma, Switzerland’s banking regulator, is aware of the incident and has been in contact with the bank, a spokesman said, declining to comment further. The Swiss Attorney-General’s Office wasn’t immediately available to comment.

Some of the data taken included information on salaries and variable compensation between 2013 and 2015, as well as bank account information used for salary payments, the person said, asking not to be named discussing the confidential matter. The data taken varies by employee, the person noted.

The company found no evidence data was shared or used maliciously, the person said.

“Having investigated it thoroughly, we have taken and are continuing to take steps – including legal remedies — to adequately contain the incident,” the Zurich-based Credit Suisse said in a statement on Monday. “To date, there is no evidence of any onward transmission or intent to use the data in any way.”

Credit Suisse last week posted its worst annual performance since the financial crisis and warned of another loss this year. It has made significant cuts to its bonus pool, risking a further erosion of employee morale as it embarks on a restructuring that involves thousands of job cuts.

EFinancialCareers reported earlier Monday that employees had been told of the breach.

–With assistance from Sridhar Natarajan.

(Adds details on Credit Suisse’s struggles from fourth paragraph.)

More stories like this are available on bloomberg.com

©2023 Bloomberg L.P.