Original URL: http://www.theregister.co.uk/2007/06/07/hbos_more_data_lost/

Bank of Scotland blames human error in data screw-up

Unencrypted disc lost in post

By John Oates

Posted in Security, 7th June 2007 15:22 GMT

Bank of Scotland (HBOS) is telling 62,000 customers they could be at risk of identity theft after it stuck an unencrypted disc in the ordinary post, which was subsequently lost.

The disc, containing information on mortage customers, should have been encrypted before being sent, the bank said, and should have been sent via secure courier rather than the normal postal service. It blamed human error for the problem, but said it believed the disc was genuinely lost rather than stolen.

An HBOS spokesperson told ComputerWorld: "The disk would usually be encrypted. Unfortunately, due to human error on this occasion the usual policy was not followed. We apologise to our customers for this."

The spokeswoman said procedures had been changed and said a recent string of data breaches were unrelated.

The bank was in trouble in March for losing customer data, and in January it accidentally posted details of 75,000 customers to a woman from Aberdeen who asked for a copy of her bank statement. Also in March, the Information Commissioner named and shamed HBOS, along with 10 other banks, for dumping customer statements in pavement bins.

More from ComputerWorld here. ®