In April 2008 HSBC reported it has lost data on it that contain the records of 37,000 customers. In this case the records did not contain financial information, rather information relating to insurance, e.g does a person smoke or not. The data was password protected, but not actually encrypted, which means that the data could have been accessed relatively easily.
The fact that HSBC has policies that allow the use of an ineffective security program is staggering. Why would HSBC invest in a CD security tool that does not actually encrypt? Surely the costs would be a few pence more to get an encryption tool that actually works? No critical data was lost on this occasion, but it appears to be more luck than judgment.
This problem is compounded by the fact it is not the first HSBC has had data issues. In 2006 HSBC had staff at their Indian call center access client details to steal data, and in May 2008 they lost an entire server. In 2005 180,000 HSBC customers credit card details were exposed, and some of their accounts accessed.