Page last updated at 10:17 GMT, Tuesday, 26 August 2008 11:17 UK

When financial data goes missing

Identity fraud has increased adding to fears over financial personal data

Personal financial details were listed on the hard disc of a computer reportedly sold on the auction website eBay.

Information relating to credit card applications by millions of customers - said to include account details, signatures, mobile phone numbers and family details - were contained on the computer.

Royal Bank of Scotland, one of the businesses involved, has said it is looking into the case as a matter of urgency.

This is the latest in a series of embarrassing data losses involving major financial institutions, forcing them to tighten procedures.

Organisations rarely have adequate visibility or control of their data
Alastair Broom, Dimension Data

Security experts said too many employees were not aware of the risks involved in transferring sensitive data to portable devices such as memory sticks.

"An organisation's data is often its most important asset," said Alastair Broom, security director at Dimension Data, "yet organisations rarely have adequate visibility or control of their data".

He said firms needed to change the way their staff handle data as well as investing in software capable of controlling its movement off internal computer networks.

"The starting point is developing a robust security policy and ensuring that all employees fully understand their role and obligations in support of it through internal training and communication."

Below are some of the worst examples of recent security breaches.


In 2007, a laptop from a Nationwide employee's home containing confidential customer data was stolen.

Eleven million Nationwide customers were said to be at risk of identity crime at the time.

The Financial Services Authority said security was not up to scratch after the Nationwide employee had put details of nearly 11 million customers on his computer.

The FSA also found that the Nationwide did not start an investigation until three weeks after the theft occurred.

The firm was fined 980,000 by the City watchdog for security breaches.


The HSBC banking group lost a disc which contained details of some 370,000 customers from its Southampton office.

The disc was lost after being sent by courier from the bank's life insurance offices in Southampton.

Customers names, dates of birth, and their levels of insurance cover were all on the disc.

But there were no addresses or bank account details. HSBC said the customers' exposure to potential fraud was limited.


About 15,000 Standard Life customers were said to be at risk of fraud after HMRC lost personal details.

The data was on a CD sent from the Revenue office in Newcastle to the company's headquarters in Edinburgh.

But the disc, containing names, national insurance numbers, dates of birth and pension data, never arrived at its intended destination.

HMRC and Standard Life sent warning letters to customers five weeks after the data breach occurred.

Extent of data losses is revealed
19 Aug 08 |  UK Politics
Call for bank action on ID theft
24 Apr 08 |  Business
Thousands at risk after data loss
03 Nov 07 |  Moneybox
HSBC loses customers' data disc
07 Apr 08 |  Business

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Sign in

BBC navigation

Copyright © 2019 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific