HSBC has been having a really rough go trying to keep a handle on their data and system security. Examples 1, 2, 3, 4, 5 and 6.
A tad disconcerting for their customer base.
From Infosecurity UK:
HSBC’s Swiss banking operation – operating in an industry that is reknowned for its secrecy – has been rocked by revelations that details on as many as 24 000 of its wealthiest clients have been leaked.
When the news of the data leakages – apparently caused by a rogue member of the HSBC staff – were first reported last December, it was thought that fewer than 10 accounts were involved. At the time, Herve Falciani, a former HSBC IT specialist, was reported to have stolen the data and passed it to the French tax authorities.
HSBC has now admitted it has now discovered that 15 000 existing and 9000 former clients were affected.
That certainly is a lot more than ten accounts which was the number they thought were affected when this first came to light in Dec ’09. This is further compounded by this passage, “HSBC says it only realised the full extent of the data leak earlier this month when the Swiss authorities returned the data in their possession.” I would hazard a guess that at some point HSBC will realize that they have what appears to be a systemic problem with their security program. A quick scan of their Canadian site shows that they are trying to bring on some new security people. I wonder if they have a decentralized security model at HSBC. It would certainly explain a fair bit.
For more on this latest breach, read on.
(Image used under CC from K e v i n)