Loss of bank computer server 'affected 55,000 customers'

PUBLISHED : Thursday, 22 May, 2008, 12:00am
UPDATED : Thursday, 22 May, 2008, 12:00am

The loss of a computer server from an HSBC branch affected 55,000 customers, a bank source revealed yesterday. The source, however, insisted that the data on the server had not been compromised.

It was the first time the bank had disclosed the number of customers affected by the loss of the server, which held account numbers, customer names and transaction details - but no PINs, passwords or user IDs - at its Kwun Tong branch on April 26.

The bank said earlier that the stolen server contained data on 159,000 accounts. It also said that it would shoulder any loss incurred.

The source said that no customer had suffered any damage due to the data loss, and no one had sought compensation.

The source added that the server was tailor-made for the bank. 'It had advanced security features that would shut it down if incorrect passwords were tried four times,' the source added.

The disclosure on the number of bank customers affected came on the same day Secretary for Constitutional and Mainland Affairs Stephen Lam Sui-lung told the Legislative Council that the government was conducting a review to examine ways to further strengthen data protection.

Mr Lam said the government and the Privacy Commission were examining laws to gauge whether there was a need to make the dissemination of private data for personal gain a criminal offence.

It was the first official comment since a call by Privacy Commissioner Roderick Woo Bun last week to make it a criminal offence to obtain, disclose or sell personal data without consent. Mr Woo's push for tougher laws came after hospitals lost the personal data on thousands of people, and sex photos of various celebrities were distributed on the internet.

'Suggestions to make the act [of obtaining or disseminating private data for personal gain] criminal must be examined carefully. We have to study if this might affect freedom of expression and the operation of independent bodies,' Mr Lam said.

Information security experts, speaking at a conference in Hong Kong yesterday, said that the best way to deter data leaks was to improve company policy, education and technology.

Pierre Noel, who handles risk management and information security for computer giant IBM Corp, said staff education was important as most leaks were unintentional.

Risky business

A series of personal-data losses has prompted calls for tougher laws

The number of HSBC accounts affected by the loss of a server at the bank's Kwun Tong branch: 159,000