The UK's financial watchdog, the Financial Services Authority (FSA), announced today that it has fined three companies (HSBC Life, HSBC Actuaries, and HSBC Insurance Brokers), all part of HSBC, one of the world's largest banking groups, a total of £3 million for repeatedly "being careless with personal details" of its customers.

The FSA said that even though HSBC was well aware of its duty to protect customer information, the watchdog had found that:

"large amounts of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen. In addition, staff were not given sufficient training on how to identify and manage risks like identity theft."

The FSA said it was fining HSBC for two major violations of data protection. The first was in April 2007 when HSBC Actuaries lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers.

In July 2007, all three firms were warned by HSBC Group Insurance's compliance team about the need for robust data security controls.

Yet, the FSA said, in February 2008, HSBC Life lost an unencrypted CD containing the details of 180,000 policy holders in the post.

When I blogged about this breach last year, the story was that 370,000 records had been lost. There was no explanation of why this number was reduced to less than half that number.

HSBC agreed to settle with the FSA early - otherwise, it could have faced a fine amounting to £4.55 million.

HSBC said that it "regretted the breaches," but as far as it knew, no one had been harmed by its carelessness.
