Indian data breach hits HSBC

Insider fraud at HSBC's Indian site underscores the need for security that extends to offshore locations

The practice of moving customer data to offshore sites has come under fire again after a security breach at HSBC's offshore data processing site in Bangalore led to £233,000 reportedly being stolen from a small number of UK customers.

An HSBC spokesman confirmed the bank had commenced legal action against an employee who had passed customer information onto fraudsters, claiming that it would "pursue a conviction as aggressively as possible".

He added that the fraud had been detected by HSBC's security procedures and that all affected customers had been informed and reimbursed.

However, the incident is likely to increase pressure on HSBC and other UK firms with offshore data handling facilities to reassess security processes after reports claimed the HSBC employee had used false records to obtain the job.

Sunil Mehta, vice president of Indian IT trade body Nasscom, said in a statement that data breaches were not unique to India and argued that the country is acting to reduce the risk of data breaches. He added that Nasscom is working with the Indian government to train police to tackle digital crimes and to develop a national registry of suitable staff.

Martyn Hart of the UK’s National Outsourcing Association (NAO) agreed corrupt employees can be found anywhere in the world, but suggested that the relatively low wages paid to Indian workers could make them a target for criminal gangs looking to bribe staff to hand over customer data.

He added in a statement that firms should monitor offshore outsourcing relationship closely to "ensure that company procedures are adhered to in every location".