
An article relating to this blog post on Finextra:

HSBC customer data lost in transit

HSBC says a computer disc containing the confidential personal details of around 370,000 UK life assurance customers has gone missing.



HSBC loses credibility as well as data

Given the regulatory and reputational risk associated with the loss of personal customer data, it beggars belief that a top tier bank can still think it's OK to despatch an unencrypted computer disc containing sensitive information on 370,000 of its customers by courier.

HSBC's defence - that the disc was password protected and contained no bank account information - is flimsy to say the least.

The office of the UK Information Commissioner is calling for stronger audit and inspection powers to carry out impromptu inspections on private sector organisations where poor practice is suspected. The UK's banks would be in the front line of any such raids, although this should be the least of their worries.

As the Commissioner notes: "If banks and building societies fail to treat people’s personal information securely, they risk losing the confidence and trust of their customers. Our research shows that over half of individuals no longer have confidence in the way organisations such as banks, local authorities and government departments handle their personal information." 


Comments: (3)

Fritz Thomas Klein - Independent Mind - Zurich, 08 April, 2008, 11:51

The loss of data is incredible. But why does the FSA allow banks, under pressure from the FATF, to distribute in cross-border credit transfers the account number of the instructing customer all over the world? It is inevitable that this account number will leave the banking environment, get into the hands of criminals (that also are provided with further information - all details about a transaction that most recently went via this account: the cross-border credit transfer!) and be mis-used elsewhere. The information on this account number is totally unnecessary to combat money laundering. A more consistent approach to the confidentiality of data would be more than appropriate.

A Finextra member, 08 April, 2008, 12:14

And what exactly do they mean by "the disc was password protected"?

A Finextra member, 08 April, 2008, 15:12

It's fairly obvious that methodology has to be altered throughout the industry to minimise the amount of unnecessary data flying around the place, either on disk or networks.

It presents an opportunity for non-banks which enjoy better perception of digital security to infringe upon traditional bank markets. The industry needs to respond rapidly to turn around consumer views that they are hardly trustworthy in the digital world.

As a source of reliable information on digital security, banks scored a distant third, with only 7.6 percent of people asked thinking of banks as a trusted information source. Doesn't this worry anyone?