Data Loss: HSBC Fine

HSBC has been fined a colossal £3 million by the FSA in relation to data loss. The fine is interesting as it dwarfs previous fines and has been imposed by the FSA rather than the ICO.

The incident relates to the loss of data in 2007 and early 2008. Those feeling sorry (if at all possible) for HSBC should consider that these data losses were not isolated, and there have been several other HSBC data losses, including:

From the information available, it appears that HSBC had a very relaxed policy towards client data, moving unencrypted data around in unrecorded post. The true amount of data theft from HSBC will never be known, as their data security appears so lax that details could have been stolen without anyone knowing.


2 Responses to “Data Loss: HSBC Fine”

  1. Keng Lim Says:

    I wonder what DLP product HSBC is using and why it did not stop or catch the incidents. I hope they are doing something about this.

    • 585 Says:

      Sadly, I doubt they are using DLP, but even if they were it would not always make a difference.

      If the data is shipped unencrypted, it does not matter if you know the data has been shipped; if it's lost, it's lost.

      Some DLP can enforce encryption, but that is a policy decision.
