HSBC lose a server

Another reported theft of a server containing customer data . This time from the HSBC bank in Hong Kong. “The bank said it had lost track of the server during renovation work at a Kwun Tong district branch in east Kowloon on April 26. Police are investigating and say the server was stolen. ”

Read all about it here and there’s more here.

This is a really careless way to lose data. I thought it might be fun to read the bank’s own statement on data security.

Security is our top priority. The Hongkong and Shanghai Banking Corporation Limited (‘the Bank’) will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.

Each visit I make to a business unit, one of the first things on my agenda is a visit to the server room where I’ll check everything from the access log to the temperature of the air conditioning. Spend all you want on boxes of tricks to stop the hackers getting in, but forget to lock the door to the servers and it’s game over. Risks increase if your office is within a building shared with numerous other businesses such as the case with this branch of HSBC in Hong Kong.

I recall one particular far eastern office I visited not too long ago. The main door to the server room was locked fast and the IT manager took delight in demonstrating how secure the room was. Walking around inside the server room I noticed another door. “Where does that one lead to?” I asked. “Outside” was the response. “Is it secured?” was my next question. “Yes” the manager replied, “the sticky tape holds it shut.”