REPORTER'S NOTEBOOK: HSBC finally acts to stem the fallout of security breach


At long last, after weeks of stony silence and apparent mute indifference, the HSBC Bank finally acts!

Amid complaints by outraged account holders, the bank has taken action to deal with the fallout created when a serious security breach exposed records of more than a 100 of its customers.

Not surprisingly this was accompanied by fear, a justifiable concern by customers that this mass of sensitive data could be misused by fraudsters or identity thieves.

Fraud costs Australia $3 billion a year; only the highly negligent or foolish would believe they are exempt from being a victim of this kind of crime.

This is particularly true when your name, address, bank account details, mortgage information and other personal data is Missing in Action (MIA).

As reported in Computerworld, these confidential documents were found on a peak hour train in Sydney, left there by an HSBC employee.

But what made the situation worse was the bank's decision not to notify a single customer after the incident. Put simply the bank failed to act.

An entire month passed and the bank remained silent, no doubt praying the whole sordid affair would simply 'blow over' and pass unnoticed by unsuspecting customers.

As the bank explained in its own words: "[the breach] included no sensitive data.....we're of the view that no customers have been impacted."

Customers with whom we spoke were a bit more realistic. They didn't share this cavalier point of view accusing the bank of putting commercial interests before customer interests.

Customers suspect the reason they weren't notified of the security breach has more to do with reputation protection (the bank's that is), than privacy protection.

If you think the customers are a tad cynical, then think again. When the bank finally did reach its painfully, slow, drawn out decision to act, what did it do?

HSBC chose to shoot the messenger.

That's right -- blame Computerworld for its predicament and take steps to gag this reporter. Surely that is the best way for HSBC to throw its support behind customers, right?

What a brilliant idea, try to bind the reporter in legal red tape and hollow threats so there are no more stories detailing security breaches at the bank. Problem solved! Not.

HSBC fired the first shot on Monday, April 23 sending a letter to Computerworld from its General Counsel.

HSBC had the audacity to write a letter expressing concern that this reporter had breached the Privacy Act by sighting the missing documents first hand.

Concerned that I am in possession of copies of the documents, HSBC was quick to demand their return by 5pm the very same day, or the bank "will not hesitate to take further action."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ACTAustralia PostBillionHSBCMessenger

Show Comments