May 9, 2008 — (WEB HOST INDUSTRY REVIEW) — Financial institution HSBC (hsbc.com) admitted this week to losing a server containing transaction data on 159,000 account holders from its Hong Kong branch office.
In an official statement issued on Wednesday, the financial institution says it lost track of the server during renovation work at a Kwun Tong district branch on April 26. The company decided to keep this information under wraps for two weeks, before disclosing it publicly, in order to conduct an internal investigation to find out the extent of the problem.
The information on the server includes account numbers, customer names, transaction amounts and transaction types, but does not contain any customer PINS, passwords or user IDs, according to HSBC.
“The server is protected by multiple layers of security,” says the bank in its statement. “The risk of data leakage and fraudulent transactions resulting from the loss of the server is deemed to be low.”
Although it has yet to be confirmed whether any foul play was involved, Hong Kong police say they are treating the case as theft, with investigations continuing. Although server theft isn’t particularly common, earlier this week we reported that 80s pop icon Peter Gabriel’s server was stolen from his hosting provider.
We have also seen at least two high-profile web hosting-related robberies in the last year. In October 2007, 20 data servers were stolen from C I Host’s Chicago facility while later in December, computing equipment was stolen from Verizon in the UK.
HSBC has confirmed it has a backup of the data and apologizes to affected customers, saying none of them would be liable for financial losses from any fraudulent activities.
Perhaps emphasizing the need for HSBC to adopt more attentive and effective security measures, it has only been a month since the company was in the hot seat in April for misplacing a CD containing the private information of 370,000 customers.
