Photographer: Stefan Wermuth / Bloomberg
Photographer: Stefan Wermuth / Bloomberg
Last month, a fake email claiming to be from The executive director of Credit Suisse Group AG, Thomas Gottstein, who contained personal data about former employees, was sent to law enforcement officials, regulators and the press in several countries.
Two weeks later, the Zurich creditor filed a lawsuit in the United States to dismantle the source of the message – which he suspects could have been an internal job.
Using a fake Gmail account named after Gottstein, the March 20 message attached proprietary files in an “apparent effort to cause the maximum possible damage to Credit Suisse,” according to the San Francisco federal court complaint.
The addresses of former Credit Suisse employees, telephone numbers, birth dates, social security numbers, bank account details, gender and marital status were revealed, according to the court file.
The incident comes as Credit Suisse handles the aftermath Archegos Capital Management explosion, in which he took a $ 4.7 billion was hit, the largest investment bank to date to trader Bill Hwang. Gottstein, who took over in February last year after an espionage scandal overthrew his predecessor, said “serious lessons will be learned” from the scandal.
The mysterious authors of the March 20 e-mail said they had hundreds of thousands of similar additional records about Credit Suisse employees and “other interested actors” and threatened to reveal them, according to the lawsuit.
The email accomplished what it claimed to reveal: an alleged data breach at Credit Suisse. He urged beneficiaries to “take action against the bank”, unless Credit Suisse takes “prompt and immediate action”, according to Thursday’s complaint.
The bank denies that it failed to protect personal data. Credit Suisse said in the process that it follows “sound policies and procedures” to maintain its systems and databases and that the content of the e-mail indicates that defendants have at one time gained access to detailed internal information, including its contractual relationships and ongoing business relationships.
Credit Suisse said the culprits “may be one or more former employees, but there is not yet enough information to conclusively link the email to a specific person or group of people”.
The trial was previously reported by Reuters.
The case is Credit Suisse Securities v. Does, 21-cv-02568, US District Court, Northern District of California (San Francisco)