In 2006 HSBC suffered data theft from Indian call center.
Staff in the one of the HSBC Indian call centers were involved in stealing clients details and then accessing the accounts to take over £230,000.
The HSBC office in Bangalore, HSBC Electronic Data Processing India, HDPI reported the misuse of data to the Bangalore Cyber Crime Police on Tuesday 24th June 2006. Following an investigation it was discovered that Mr Nadeem Kashmiri had accessed customers’ accounts and changed the personal information, security information and debit card information. Once this information had been changed one of his accomplices called the HSBC and impersonated the customers. The accomplice was able to clear the security questions with the new information, then once the security questions were clear the accomplice was able to conduct a fraudulent transaction.
The fraud was only noticed when 20-odd customers complained to the bank that monies from their account were transferred without their knowledge between March and May 2006.
Mr Nadeem Kashmiri broke the Indian laws under sections 66 and 72 of the I-T Act and 408, 468 and 420 of the IPC.
Articles include Hindu Business Line and the iT Wire
Later, in 2008, HSBC suffered a data loss when they lost customer data in the post, also in 2008 they lost an entire server. In 2005 180,000 HSBC customers credit card details were exposed, and some of their accounts accessed.
Previously on this site the questions “would and could the data guardians misuse the data they handle?” have been asked. This incident provides a perfect example of the problems:
There is a large amount of personal data that can be accessed by people on low pay with little or no career prospects, therefore there will be temptation, motive and opportunity, because there are no effective systems to stop this occurring. Access to banking details is one thing, but access to DNA, medical records, CCTV footage, and national tracking systems is something else entirely, and there is less security on the latter than the former.
Other instances of misuse of data include police officers who have misused their access to data to for a variety of reasons including: Harass a woman, stalk another man, and a police officer who used data within a family matter.