Photographer: Stefan Wermuth / Bloomberg
Photographer: Stefan Wermuth / Bloomberg
Last month, a fake email purported to be from Credit Suisse Group AG CEO Thomas Gottstein, which contained personal data about former employees, was sent to police officials, regulators and the press in several countries.
Two weeks later, the Zurich-based lender has filed a lawsuit in the U.S. to try to unmask the source of the message, which it suspects could have been internal work.
Using a fake Gmail account bearing Gottstein’s name, the March 20 message attached proprietary files in an “apparent effort to cause as much damage as possible to Credit Suisse,” according to the San Francisco federal court complaint.
The addresses, telephone numbers, telephone numbers, dates of birth, social security numbers, bank account details, gender and marital status of Credit Suisse employees were disclosed, according to the judicial archive.
The incident occurs when Credit Suisse manages the consequences of the Archegos Capital Management explosion, in which a They raised $ 4.7 billion, the largest to date among investment banks that granted credit to trader Bill Hwang. Gottstein, who took over in February last year after an espionage scandal toppled his predecessor, has said “serious lessons will be learned” from the scandal.
The mysterious authors of the March 20 email said they had hundreds of thousands of additional similar records about Credit Suisse employees and “other interest groups” and threatened to disclose them, according to the lawsuit.
The email complied with what it claimed it revealed: an alleged data breach to Credit Suisse. He urged recipients to “take action against the bank” unless Credit Suisse takes “swift and immediate action,” according to Thursday’s complaint.
The bank denies that it did not protect personal data. Credit Suisse said in the lawsuit that it follows “sound policies and procedures” to maintain its systems and databases and that the content of the email reveals that defendants at some point had access to detailed internal information, including their relationships. contractual and ongoing business relationships.
Credit Suisse said the culprits “may be one or more former employees, but there is still not enough information to conclusively link the email to any specific individual or group of people.”
Reuters previously reported the lawsuit.
The case is Credit Suisse Securities v. Does, 21-cv-02568, U.S. District Court, Northern California District (San Francisco)