April 7, 2008 -- (WEB HOST INDUSTRY REVIEW) -- Financial institution HSBC (hsbc.com) is reportedly on the verge of being investigated by UK financial watchdog the Financial Services Authority (fsa.gov.uk) after it revealed it misplaced a CD containing the private information of 370,000 customers, four weeks ago.
Included on the CD are the names, birth dates and insurance-cover levels of the bank's life insurance customers. The CD was lost after being sent from the group's offices to a reinsurer through an external courier.
A spokesman for the bank said that such information was normally sent over an encrypted electronic channel but that the CD had been sent because the system was not working and the information was needed quickly.
A spokesman for HSBC said: "There is no information on this disc in relation to banking or payment details and there were no addresses, so the scope for any fraudulent activity is vastly reduced. There is also no indication it has been stolen, and the disc is password-protected. But we appreciate this is not what our customers expect and we apologize."
The company says it will be contacting every customer whose data has been lost, and is still looking for the CD. Meanwhile, the FSA has been notified about the loss, and the bank faces a possible investigation, as well as a potential fine if a security lapse is found.
"We look to firms to put controls in place to look after things such as information security and data control," says a spokesman for the FSA. "We have, in the past, taken action where we felt firms had not met those principles."
In the past, the FSA has fined insurance company Norwich Union £1.26 million after its loss of security led thieves to steal £3.3 million in policies. Nationwide was also fined £980,000 after a laptop that had confidential customer information was stolen from an employee's home.
customers’ data unencrypted by post is anyone’s guess. What is certain is that HSBC will be fined for their negligence.
More of my analysis: http://riskyops.blogspot.com/ posted by: Practical Risk Management | April 08, 2008 11:33PM