HSBC has admitted that it has misplaced 370,000 customer details, which were put in the post a month ago on an unencrypted disc.

The envelope has not arrived at its intended destination - a reinsurance firm.

Nick Lowe, regional director for Northern Europe at security firm Check Point said: “The disc was apparently password-protected, but this can be overcome fairly easily by an IT-literate person.

“In this sector, where information is highly sensitive, always-on strong encryption of data is the minimum protection that should be applied to laptops, discs and USB storage devices."

The customer files did not contain account information or addresses but life insurance details, dates of birth and smoking habits.

HSBC has told the Financial Services Authority what happened. The FSA fined Nationwide £980,000 for breaching customer privacy last year by losing a laptop containing customer information. ®

Related stories

• HSBC scripting flaws play into the hands of phishers (25 June 2008)
• FSA fines stockbrokers for poor data security (19 June 2008)
• HSBC in further data loss (8 May 2008)
• HSBC plugs hole that exposed site directory (29 April 2008)
• Phone insurance firm reveals Sharia rules policy (10 April 2008)
• Civil liberties groups challenge Data Retention Directive in ECJ (10 April 2008)
• HSBC e-payments system limps back online (9 April 2008)
• HSBC e-payments system goes titsup (again) (8 April 2008)
• Exclusive BT and Phorm secretly tracked 18,000 customers in 2006 (1 April 2008)
• MoD loses 11,000 ID cards (12 March 2008)
• HMRC data debacle used to bait phishing lure (22 February 2008)
• Updated: MoD coughs to laptop triple whammy (22 January 2008)
• Clarkson's 'steal my ID' stunt backfires (7 January 2008)
• MPs call for stronger data protection laws (3 January 2008)
• Information security breaches quadrupled in 2007 (2 January 2008)