HSBC: Data Misuse

In 2006 HSBC suffered data theft from Indian call center.

Staff in the one of the HSBC Indian call centers were involved in stealing clients details and then accessing the accounts to take over £230,000.

The HSBC office in Bangalore, HSBC Electronic Data Processing India, HDPI reported the misuse of data to the Bangalore Cyber Crime Police on Tuesday 24th June 2006. Following an investigation it was discovered that Mr Nadeem Kashmiri had accessed customers’ accounts and changed the personal information, security information and debit card information. Once this information had been changed one of his accomplices called the HSBC and impersonated the customers. The accomplice was able to clear the security questions with the new information, then once the security questions were clear the accomplice was able to conduct a fraudulent transaction.

The fraud was only noticed when 20-odd customers complained to the bank that monies from their account were transferred without their knowledge between March and May 2006.

Mr Nadeem Kashmiri broke the Indian laws under sections 66 and 72 of the I-T Act and 408, 468 and 420 of the IPC.

Articles include Hindu Business Line and the iT Wire

Later, in 2008, HSBC suffered a data loss when they lost customer data in the post, also in 2008 they lost an entire server. In 2005 180,000 HSBC customers credit card details were exposed, and some of their accounts accessed.

Previously on this site the questions  “would and could the data guardians misuse the data they handle?” have been asked. This incident provides a perfect example of the problems:

There is a large amount of personal data that can be accessed by people on low pay with little or no career prospects, therefore there will be temptation, motive and opportunity, because there are no effective systems to stop this occurring.

Access to banking details is one thing, but access to DNA, medical records, CCTV footage, and national tracking systems is something else entirely, and there is less security on the latter than the former.

Other instances of misuse of data include police officers who have misused their access to data to for a variety of reasons including: Harass a woman, stalk another woman, and a police officer who used data within a family matter.


5 Responses to “HSBC: Data Misuse”

  1. Citi Bank: Data Theft « Data - Where is it? Says:

    […] Data – Where is it? Where is your data? Who collects, controls, and searches it? « HSBC: More Data Loss […]

  2. HSBC: Even More Data Loss « Data - Where is it? Says:

    […] and lost Data. In 2008 lost CDs with 37,000 customer details on, then then in June 2006 HSBC had staff from an Indian call center steal data and use it to commit […]

  3. HSBC: More Data Loss « Data - Where is it? Says:

    […] incident follows on from the an incident in June 2006 when HSBC  staff from an Indian call center stole data and used it to commit fraud. Later In 2008 HSBC lost CDs with 37,000 […]

  4. HSBC Data Loss 37,000 Records « Data - Where is it? Says:

    […] by the fact it is not the first HSBC has had data issues. In 2006 HSBC had staff at their Indian call center access client details to steal data, and in May 2008 they lost an entire […]

  5. HSBC: Data Fraud (2005) « Data - Where is it? Says:

    […] had several incidents of data loss and misuse, including losing CDs in the post, Indian call staff stealing data, and then money, and even the loss of an entire […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: