The HSBC banking group has lost an unencrypted, password-protected computer disc with the details of 370,000 customers.
The disc was lost four weeks ago after being sent by courier through a Royal Mail corporate account from the bank's offices in Southampton to Swiss Re, the bank confirmed.
"The data, which was password-protected, includes names, life insurance cover levels, dates of birth and whether or not a customer smokes. There is nothing else that could in any way compromise a customer and there is no reason to suppose that the disc has fallen into the wrong hands," the bank said in a statement.
HSBC spokesperson James Thorpe told Computerworld UK the bank usually uses a secure electronic network to send information electronically to the reinsurer.
"We don't normally send information on hard copy, but usually send electronically through this secure network. But the system wasn't working the day this information needed to be sent to the reinsurer."
Thorpe declined to reveal further details on the secure network.
He also admitted the data was not encrypted. "If we ever had to do it again, we would encrypt the information along with password protection," he said.
The disc contained names and dates of birth, but "no address or bank account details for any customer or any kind of information normally associated with fraudulent activity," said Thorpe. HSBC said in a statement the disc "would therefore be of very limited, if any, use to criminals".
The bank confirmed it is conducting a thorough investigation working with Swiss Re.
City watchdog the Financial Services Authority (FSA) has been informed and could conduct an investigation into the data loss and impose a fine on the bank. The FSA declined to comment on the case.
Find your next job with computerworld UK jobs