Global banking giant HSBC has been fined more than £3 million by the Financial Services Authority (FSA) for failing to protect customers’ confidential details.
The FSA said three of HSBC's businesses – Life UK, Actuaries & Consultants and Insurance Brokers – had made a number of gaffes that put consumers’ personal information at risk.
The fines are centred on two incidents. One dates back to 2007, when HSBC Actuaries lost an unencrypted disk containing information, including dates of birth and national insurance numbers, of nearly 2,000 pension scheme members.
The other event, in February last year, saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders.
The FSA said the incidents could have helped criminals steal customers' identities, and it therefore fined HSBC Life £1.61 million and the Actuaries business £875,000. HSBC Insurance was fined £700,000.
The financial watchdog also criticised HSBC's training methods, noting that staff were given insufficient training on how to identify and manage risks such as ID theft.
Margaret Cole, director of enforcement at the FSA, said the breaches were very disappointing.
She said: 'All three firms failed their customers by being careless with personal details that could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details.
HSBC said in a statement that it was doing everything in its power to prevent similar incidents happening in the future.
Clive Bannister, group managing director of HSBC Insurance, said: 'Keeping our customers’ data confidential and secure is vitally important to everyone at HSBC. We hold ourselves to the highest standards, but it is clear that in these instances we have fallen short, which we sincerely regret.'
Bannister added that although the situation was serious, no customer had actually reported any loss as a result of the incidents, and he said having taken steps to avoid a recurrence customers could 'have confidence that we are doing everything we can to protect their privacy.'