The Financial Services Authority has fined a stockbroking firm for failures in data security that put its customers at risk of identity fraud.
The FSA fined Merchant Securities £77,000 for a series of failures including its reliance on staff recognising customers' voices to verify their identity and storing unprotected customer data at the homes of employees overnight.
The FSA said staff at the firm relied on talking informally about personal matters to confirm its customers' identities.
Back-up tapes containing unencrypted customer information were stored overnight in a bag at the home of a member of staff the FSA said, and personal account numbers were wrongly included in routine letters.
Margaret Cole, director of enforcement at the FSA, said, "It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details.
"We will not wait until information has been lost or stolen before taking action against a firm. The level of the fine for a firm of this size should serve as a warning to others to take data security seriously."
Merchant Securities' failure to protect customer data emerged when the FSA carried out the research for its 2008 report Data Security in Financial Services.
Patrick Claridge, acting chief executive of Merchant Securities said the company has taken steps to improve its systems and security.
Merchant Securities said there is no evidence that customer data was stolen. "FSA found no evidence of any theft or compromise of customer information," said the company in a statement.