HSBC admitted on Monday that a computer disk containing 370,000 customers’ details went missing four weeks ago, while on its way to Folkestone from the bank’s life insurance office in Southampton. Presumably HSBC waited this long before telling us in case the courier had got stuck in a traffic jam on the M25.
HSBC – whose website includes a section telling customers how to keep their online data safe – is now likely to face a big rap on the knuckles from the FSA, which has already fined Norwich Union (£1.26m) and Nationwide (£980,000) for not protecting its customers' data properly. Its case won’t be helped by the fact that although the data was password-protected, it wasn’t encrypted – as required by the Information Commissioner’s guidelines.
The disk contains names, birthdates and the level of insurance cover carried by all 370,000 HSBC customers. It also says whether they smoke or not – although we should stress that there’s no suggestion the Cigarette Marketing Board orchestrated the whole thing.
Naturally the bank was playing down the impact of the loss, saying that the disc ‘contains no address or bank account details for any customer and would therefore be of very limited, if any, use to criminals’. This was presumably meant to be reassuring, although customers whose details are about to prove ‘a bit’ or even ‘slightly’ useful to hi-tech fraudsters may beg to differ. However, as HSBC was also quick to point out, ‘there is no reason to suppose that the disc has fallen into the wrong hands.’ Chances are it’s down the back of a seat in a roadside 'caff' somewhere off the M20.
Still, it’s not exactly reassuring that yet another big institution has managed to lose so many customer details in such an elementary way. According to online security firm Symantec, you can now buy our bank details for a fiver in cyber-crime black-markets. OK, so this latest 'oversight' is not quite as incompetent as the Revenue managing to lose the personal details of 25m taxpayers, as it did last year. But it’s unlikely to dispel the impression that our online data is about as secure as an ex-Blue Peter presenter carrying the Olympic flame...