HSBC Accidentally Exposes Bankruptcy Data

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

HSBC Bank officials acknowledged late last week that a bug in its imaging software accidentally revealed the confidential personal information of an unknown number of customers going through bankruptcy proceedings.

In documents (available here in PDF format) filed Thursday with the New Hampshire Attorney General's office, the bank admitted that it failed to completely redact information on forms that were filed between May 1, 2007 and Oct. 17, 2008.

The data compromised by the bug in the imaging software included HSBC credit card account information as well as line-of-credit and mortgage information included in Chapter 13 bankruptcy proof-of-claims filed electronically.

In notification letters the bank began sending out in October to affected customers, it said that some of the information may have been viewable "as a result of the deficiency in the software used to save imaged documents."

HSBC officials did not reveal the name of the imaging software application it uses to save, store, and file electronic documents.

Customers of HSBC Taxpayer Financial Services, Beneficial New Hampshire, and Household Finance Corporation may have had their mortgage and credit card account information compromised, according to the filing.

Similar errors and vulnerabilities have impacted customers at some of the nation's largest financial services and insurance companies in recent months.

In November, insurer MassMutual confirmed that one of its employee databases was accessed by an unauthorized person or persons, exposing an unknown number of employees' personal data for a yet-to-be-determined amount of time.

The Springfield, Mass.-based insurer said the compromised database was being maintained by an unidentified, third-party vendor and contained "a limited amount of personal employee data."

Also last month, more than 10,000 physicians' and dentists' personal data was exposed in New Hampshire after an employee at Anthem Blue Cross and Blue Shield transferred the healthcare providers' Social Security numbers and other data to a personal laptop that was later stolen.

Anthem spokesman Christopher Dugan said the security breach took place at the national level and the files did not include any patients' personal data.

In September, more than 33,000 patients receiving care from a Daytona Beach, Fla. medical center were notified that their data may have been compromised when a laptop was stolen from an employee's car.

Larry Barrett is a senior editor at InternetNews.com.  Based in Las Vegas, Larry covers IT management, enterprise software, services, and security.