Photographer: Stefan Wermuth / Bloomberg
Photographer: Stefan Wermuth / Bloomberg
Last month a fake email pretending to be from Thomas Gottstein, CEO of Credit Suisse Group AG, which contains personal data on former employees, has been sent to law enforcement officials, regulators and the press in several countries.
Two weeks later, the Zurich-based borrower filed a lawsuit in the U.S. to expose the source of the message – which he suspects may have been an internal job.
The March 20 message, which used a fake Gmail account named Gottstein, attached its own files in an “apparent attempt to inflict maximum damage on Credit Suisse”, according to the complaint in federal court filed in San Francisco.
According to the court document, the address, telephone numbers, dates of birth, social security numbers, bank account details, gender and marital status addresses, telephone numbers, former credit staff were disclosed.
The incident comes as Credit Suisse the consequences of the Inflation of Archegos Capital Management, in which it is a $ 4.7 billion, the largest so far among the investment banks that have given credit to trader Bill Hwang. Gottstein, who took over in February last year after an espionage scandal toppled his predecessor, said “serious lessons will be learned” from the scandal.
The mystery authors of the March 20 email said they had hundreds of thousands of additional, similar records about Credit Suisse employees and ‘other stakeholders’, and reportedly threatened to release them.
The email reached what he claimed to have made public: an alleged data breach at Credit Suisse. According to the Thursday complaint, recipients asked to ‘act against the bank’, unless Credit Suisse ‘acts quickly and immediately’.
The bank denies that it did not protect personal data. Credit Suisse said in the case that it follows a “strict policy and procedure” to maintain its systems and databases and that the content of the email reveals that at some point the accused gain access to detailed internal information has, including its contractual relationships and continuing business relationships.
Credit Suisse said the culprits “may be one or more former employees, but there is not yet enough information to link the email in a definite way to any particular individual or group of individuals.”
The case was reported earlier by Reuters.
The case is Credit Suisse Securities v. Does, 21-cv-02568, U.S. District Court, Northern District of California (San Francisco)