HSBC exposed sensitive bankruptcy data

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9141834/HSBC_exposed_sensitive_bankruptcy_data?taxonomyId=17

By Robert McMillan
IDG News Service
December 4, 2009

HSBC Bank says a bug in its imaging software inadvertently exposed 
sensitive data about some of its customers going through bankruptcy 
proceedings.

In notification letters made public Thursday, the bank said it had 
redacted sensitive information in Chapter 13 bankruptcy proof-of-claim 
forms that were filed electronically, but that the information turned out 
to be viewable "as a result of the deficiency in the software used to save 
imaged documents."

An HSBC spokeswoman declined to elaborate on the cause of the problem, but 
said "a limited number of customers" were affected. HSBC has "no reason to 
believe customers' personal information may have been compromised," she 
added via e-mail. The company sent letters to affected customers in 
October and is offering them one year of free credit monitoring.

Some customers of the following HSBC companies are affected: HSBC Taxpayer 
Financial Services, Beneficial New Hampshire and Household Finance 
Corporation.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php