HSBC loses 370,000 customers' details

FSA to investigate?

By Nick Heath, 7 April 2008 12:23

HSBC faces possible investigation by the UK's financial watchdog after admitting losing a CD containing the details of 370,000 customers.

The CD contains the names, dates of birth and insurance-cover levels of people with life assurance at the bank.

The disc went missing about four weeks ago after being sent from the group's offices to a reinsurer through an external courier.

A spokesman for the bank said that such information was normally sent over an encrypted electronic channel but that it had sent the CD because the system was not working and the information was needed quickly.

A spokesman for HSBC said: "There is no information on this disk in relation to banking or payment details and there were no addresses, so the scope for any fraudulent activity is vastly reduced. There is also no indication it has been stolen and the disc is password protected. But we appreciate this is not what our customers expect and we apologise."

The spokesman said the bank would be contacting every customer affected by the loss and was trying to locate the CD.

The Financial Services Authority (FSA) has been informed about the loss and the bank faces a possible investigation, with the risk of a fine if a lapse in security is found.

A spokesman for the FSA said: "We look to firms to put controls in place to look after things such as information security and data control. We have, in the past, taken action where we felt firms had not met those principles."

Previously the FSA has fined insurer Norwich Union £1.26m after its lack of controls enabled fraudsters to cash in £3.3m in policies. Nationwide was also fined £980,000 after a laptop containing confidential customer details was stolen from an employee's home.

Comments

There is 1 comment.

  1. Charles Smith

    It's time to jail Directors of companies that are negligent with personal data. The message does not seem to be getting through to organisations.

    It is inexcusable that the data on the disk was not securely encrypted.
