Feeds

HSBC pops thousands of customer details in the post

Guess what happened next?

Internet Security Threat Report 2014

HSBC has admitted that it has misplaced 370,000 customer details, which were put in the post a month ago on an unencrypted disc.

The envelope has not arrived at its intended destination - a reinsurance firm.

A spokesman for HSBC told the Reg: "We have sent a disc to our reinsurers which they never received. The disc was not encrypted but was password-protected. Our normal method is to use electronic transfer but on the day this happened the system was down so it was sent by disc instead." The disc was sent using ordinary Royal Mail services.

Nick Lowe, regional director for Northern Europe at security firm Check Point said: “The disc was apparently password-protected, but this can be overcome fairly easily by an IT-literate person.

“In this sector, where information is highly sensitive, always-on strong encryption of data is the minimum protection that should be applied to laptops, discs and USB storage devices."

The customer files did not contain account information or addresses but life insurance details, dates of birth and smoking habits.

HSBC has told the Financial Services Authority what happened. The FSA fined Nationwide £980,000 for breaching customer privacy last year by losing a laptop containing customer information. ®

Beginner's guide to SSL certificates

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.