/>
X
Innovation

HSBC companies fined £3m over data breaches

The Financial Services Authority fined the companies after it found they were not doing enough to protect customers' data
Written by Jo Best, Contributor on

Three HSBC companies have been hit with fines after the financial services watchdog found they were not doing enough to protect customers' data.

The Financial Services Authority (FSA) fined HSBC Life £1,610,000, HSBC Actuaries £875,000 and HSBC Insurance Brokers £700,000 — making a total of £3m in penalties between them.

Due to the fact the three firms settled with the FSA, their fines were discounted by 30 percent — the original charges totalled £4.55m.

The FSA handed down the fines after an investigation found customer data was sent without encryption to third parties and via couriers, and left in unlocked cabinets and shelves openly.

Staff were also not given proper training over how to spot and deal with risks like identity theft, the FSA found.

Clive Bannister, group managing director of HSBC Insurance, said the company regrets falling short in dealing with customers' data.

"While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy," he said in a statement.

Two of the HSBC companies recorded losses of data: in 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the details of 1,917 pension-scheme members, including addresses, dates of birth and national insurance numbers; while 2008 saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders in the post. Those affected have been alerted to the losses by the companies.

Margaret Cole, director of enforcement at the FSA, described the losses as "disappointing".

"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details," she said in a statement.

The three companies have now improved staff training and use encryption when data is being moved.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Epson is going to stop selling laser printers. Here's why
piles-of-paper.jpg

Epson is going to stop selling laser printers. Here's why

Don't waste your money on these Apple products: December 2022 edition
Waiting in line for the Apple Store

Don't waste your money on these Apple products: December 2022 edition