Breaking finance and business news, tax information, jobs and more for finance directors and senior finance professionals.

The bank issued a statement to confirm that the names, dates of birth, levels of insurance cover and smoking habits of the policy holders were on the disk.

HSBC added that the disk did not contain bank account details or addresses and said that it would be of “very limited” use to criminals.

“There is nothing else that could in any way compromise a customer and there is no reason to suppose that the disk has fallen into the wrong hands,” according to the statement.

The disk is password protected, but was not encrypted. It is believed that the disk was sent four weeks ago from HSBC’s life assurance offices in Southampton to re-insurer Swiss Re in Kent.

The bank said that its normal procedure was transfer the information electronically, but that on the day the system was down and a disk was posted through Royal Mail’s unregistered postal service instead.

When it failed to arrive, the bank launched an investigation and notified the Financial Services Authority (FSA).

HSBC may face a hefty fine over the data loss. The FSA fined Norwich Union £1.26 million in December for not having effective systems and controls in place to protect customers' confidential information.

Nationwide was fine £980,000 after it lost a laptop containing customer information last year.

Related articles

• Public sector more computer compliant than private sector peers
• Boards careless about IT governance
• How can we prevent the next SocGen scandal?
• Only half of TMT firms disclose data losses
• FSA fines Norwich Union £1.26m over data losses
• Executive lack data policy ownership
• New data losses at DVLA and building society
• Fasthosts apologises after sites are hacked
• HMRC breach 'godsend' for security professionals
• HMRC loses 25 million personal records

Related links

• HSBC
• Financial Services Authority