[ISN] HSBC customers hit by Bangalore breach

[InfoSec News]

http://software.silicon.com/security/0,39024655,39159940,00.htm

By Andy McCue
27 June 2006

A security breach at HSBC's offshore data processing unit in Bangalore
has led to £233,000 being stolen from the accounts of a small number
of UK customers.

A 24-year-old worker at the HSBC operation has been suspended after
being accused of accessing confidential account information and
passing it on to criminal associates in the UK.

Fears of the security of offshore business process outsourcing (BPO)  
operations will be heightened by reports in India claiming the HSBC
employee also used false records to obtain the job at the bank.

The HSBC worker was caught when the fraud was detected by the bank's
security systems.

A spokesman for HSBC told silicon.com: "Our internal security team
discovered one of HSBC's staff in Bangalore caused customer data to be
leaked leading to a small number of accounts from the UK being
compromised."

He declined to comment any further on the details of the breach but
said all affected customers - reported to be around 20 in number -
have been contacted and will be fully reimbursed for any losses.

The HSBC spokesman added: "We are taking data protection seriously.  
These systems are sophisticated and in place to help track these
things down."

Sunil Mehta, VP of India's IT industry body Nasscom, insisted such
security breaches are not unique to offshore operations and can happen
in any country.

He said: "India, with its strong legal system and its independent
judiciary, is a country that takes this responsibility extremely
seriously. Nasscom will work with the legal authorities in the UK and
India to ensure that those responsible for any criminal breaches are
promptly prosecuted and face the maximum penalty."

Just last month Nasscom created a new regulatory body to help improve
data security among India's offshore IT services and BPO companies.