Tonight:
5°c
Record fine for HSBC after bank loses clients' confidential information - twice
Robert Lea22 Jul 2009
HSBC has been hit by the largest-ever fine for losing confidential private information on customers - twice.
The High Street bank has been fined a total of nearly £3.2 million for losing in the post on two separate occasions the details of 180,000 life insurance customers and nearly 2000 members of another company's pension scheme.
The Financial Services Authority (FSA) fined HSBC for its failure to have the most basic systems and controls in place to protect customers' names, addresses, dates of birth and national insurance numbers from being lost or stolen.
In an era of growing identity theft and high-profile personal data losses by the likes of the Inland Revenue and the security forces, Margaret Cole, the FSA's director of enforcement, said: “These breaches are very disappointing.”
While it is understood none of the lost information has been used fraudulently, neither of the two disks has been recovered.
“HSBC failed their customers by being careless with personal details which could have ended up in the hands of criminals,” said Cole. “It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt them to do more to protect their customers' details.
“Fraud, particularly identity theft, is a major concern to everyone, and firms must ensure that their data security systems and controls are constantly reviewed and updated to tackle this growing threat.”
And she warned: “In areas where we have previously warned firms of the need to improve, people can expect to see fines increase to deter others and change behaviour in the industry.”
HSBC's first loss in the post was an unencrypted floppy disk containing details about members of a pension fund in 2007.
The bank warned its insurance arm over the issue, only for HSBC Life to then lose a CD containing the unencrypted details of customers six months later.
When the FSA swooped to investigate HSBC, it found unencrypted customer details routinely being sent by post or courier while other confidential customer information left lying around the office could easily have been stolen.
The largest previous fine from the FSA over customer data loss was £1.26 million against Norwich Union, now Aviva.
The FSA said HSBC would have copped a fine of more than £4.5 million if it had not fully co-operated with the investigation.
Reader views (8)
Isn't it the Insurance side that was fined and not the bank? Therefore, they can't just up the prices
- David, Billingsgate, 23/07/2009 22:19
Report abuse
So a record fine for HSBC for losing information, dont have a problem with that bit, but what does concern me is what exactly does the FSA do with the money. There was talk a couple of weeks ago that the FSA was going to award record bonuses to its staff, is this how they are raising the funds.
- Mr S.Port, London, 22/07/2009 22:38
Report abuse
The standard of service at HSBC has gone from bad to worse recently. We closed our account recently and only regret that we did not do so years ago.
- Simon Ellis, London E8, 22/07/2009 22:33
Report abuse
As unfortunate as this situation might seem to HSBC, it will be viewed as a win by UK citizens. I have discussed or read about too many situations where personally identifiable information is mishandled with no consequence except to the individual.
More importantly, there are technology solutions (such as Egress Switch) that can control access or lockdown data files on CDs and other media that will solve this problem more efficiently than suffering the data breach and paying the fines.
- Bob, London, 22/07/2009 22:14
Report abuse
My sons childen have had their birth certificates lost and other peoples confidential info sent to him by the government who told him to throw the other persons file away!!!!The childrens allowance application filed April 3rd is still in cyber space
- Ereed, Bournemouth,UK, 22/07/2009 17:52
Report abuse
HSBC, like other banks will just raise interest charges, bank charges and any other way of screwing more 'Cas4Us' out of the customers. As stated previously - 'Business As Usual', Rip Off Britian!!
- Uncle Vanya, East Anglia area UK, 22/07/2009 16:21
Report abuse
I don't remember reding about the fines levied to government departments/ministers that lose private data...
- Adam, London, 22/07/2009 15:43
Report abuse
No problem, they'll get the fine back and more from their customers. In other words business as usual.
- John, Llandudno, Wales, 22/07/2009 13:12
Report abuse
