HSBC Life, HSBC Actuaries and Consultants and HSBC Insurance Brokers Limited were all penalised by the Financial Services Authority (FSA) for not protecting their customers’ confidential details.
The City watchdog found the three guilty of offences including sending large amounts of unencrypted customer details by post or courier to third parties and leaving confidential information about customers on open shelves or in unlocked cabinets.
In addition, the regulator ruled that staff were not sufficiently trained on how to identify and manage risks like identity theft.
HSBC Life UK was fined £1.6m, HSBC Actuaries and Consultants £875,000 and HSBC Insurance Brokers were penalised £700,000.
The FSA says the firms have taken action to address the problems including contacting the customers concerned, improving their staff training and requiring that all electronic data in transit is encrypted.
Margaret Cole, director of enforcement at the FSA, says the breaches were “very disappointing” and that all three “failed their customers by being careless with personal details which could have ended up in the hands of criminals”.
Clive Bannister, group managing director of HSBC Insurance, says data confidentiality and security is “vitally important”.
“While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence,” he adds.