Print
Discuss
Send to friend
RSS feedsHSBC has admitted losing a disc containing the details of 370,000 of its customers.
The disc, which was password protected, contained names, dates of birth, life insurance details and information on smoking habits. It did not contain bank account details.
The Financial Services Authority is investigating the incident. It is not known at this time exactly how the disc went missing.
"The data disk lost by HSBC contains no address or bank account details for any customer and would therefore be of very limited, if any, use to criminals," said an HSBC spokeswoman.
"Nonetheless, HSBC would like to apologise to its life assurance customers for any concern this may cause. Each customer will be contacted shortly and a thorough investigation into this matter is underway."
The case is similar to data breaches at HM Revenue & Customs, the NHS, the Ministry of Defence and the Royal Navy.
Nick Lowe, regional director for Northern Europe at Check Point, said: "The disc was apparently password-protected, but this can be overcome fairly easily by an IT-literate person.
"In this sector, where information is highly sensitive, always-on strong encryption of data is the minimum protection that should be applied to laptops, discs and USB storage devices.
"Yet fewer than half of UK public and private companies have any data encryption deployed."
Lowe added that the Financial Services Authority has a track record of levying large fines on companies that fail to protect customer data, and that this should encourage better protection for sensitive public information.
"That protection should be fully automated to safeguard against these types of losses," he said.
See also:
First attack surfaces months after the event 22 Feb 2008
Loss of 14,000 customer records breached Data Protection Act 21 Feb 2008All Privacy & Data Tags: HSBC, Security
del.icio.us
Digg this
reddit!
