International bank HSBC has been widely criticised within the finance and security industries for its revisions to calculations of the severity of a recent data loss incident.
After an employee stole a significant amount of client data from a Swiss bank in late 2006, HSBC had originally claimed that only 10 customers were affected. It emerged last week that this figure was completely inaccurate and more than 15,000 people were actually victims of the theft.
HSBC’s Alexandre Zeller said that his firm deeply regretted the way in which the situation was handled. He also attempted to assure customers worldwide that their private details would be protected as thoroughly as possible in the future.
Despite showing remorse and claiming to be taking action, HSBC’s inability to properly asses the level of damage caused by the security breach has angered many. Security expert Steve Moyle said that because this was an inside job that fully exploited employee privileges, it should be subjected to serious scrutiny.
Mr Moyle also said that HSBC acted irresponsibly by taking such an inordinate amount of time to publicise the full extent of the breach and questioned the veracity of its initial reports which claimed that only a handful of its clients were affected.
Industry observer Udi Mokady told V3.co.uk that the HSBC incident was symptomatic of a larger problem within the IT industry relating to employee accounts which remained unregulated, allowing unprecedented access to personal data.
The impact of data loss on businesses, whether perpetrated internally or externally, is calculated as running into the hundreds of millions of pounds, with a significant jump in the cost occurring between 2008 and 2009.
Businesses which become the victims of data theft are urged by most authorities on the subject to work with the necessary investigative bodies from the very beginning. HSBC’s failure to do so has lead to years of client data existing in a compromised state.
Although having a good contingency plan in the event of a data security breach is essential, most businesses will benefit from instigating preventative measures to thoroughly safeguard data and make theft harder in the first place.
