Bank loses server

May 8, 2008

Bonnie Chen

The loss of a computer server from a Kwun Tong branch of Hongkong and Shanghai Banking Corporation could lead to the leakage of private data of 159,000 customers.

The bank released a statement last night confirming one of its computer servers went missing on April 26 from the Kwun Tong branch, which has been undergoing renovation.

The server held transaction data on approximately 159,000 accounts.

The data held on the server include the name, account number and transactions of customers but do not contain any customer PINs, passwords or user IDs, according to the statement.

The bank emphasized the risk of data leakage and fraudulent transactions is deemed to be low as the server is protected by multiple layers of security which are regularly reviewed.

A bank spokesman said services would not be affected as the bank had copies of the data in its central computer system.

The bank is contacting customers, who will not be liable for any financial loss arising from any fraudulent activity as a result of the lost data.

"Clients' data are kept in a confidential manner. If any complaint arises, we will deal with it case by case," HSBC chairman Vincent Cheng Hoi-chuen said.

The bank reported the loss to police on April 26, the Monetary Authority on Tuesday and to the Office of the Privacy Commissioner for Personal Data yesterday.

The case has been classified as theft. Kwun Tong regional crime unit is investigating but nobody has been arrested.

Some customers appeared to be concerned about the incident and went to the Yue Man Square branch to check their savings account balances yesterday.

Some were also worried people may get hold of their personal data.

The Monetary Authority urged the bank to provide further details to ease public fears.

A spokeswoman said the authority is also considering taking supervisory action against the bank.

"The bank should explain the incident to its customers and also provide a relevant remedy. It also has to remind customers how to protect their own accounts and benefits," she said.

The authority also requested the bank submit a report after it has completed its investigation into the loss.

The Consumer Council said it was greatly concerned.

"The bank has to tell its customers how they will be compensated if they suffer any financial loss because of the incident," chief executive Connie Lau Yin-hing said.

Internet Society chairman Charles Mok Nai-kwong said even though the server has been encrypted, there may still be ways to access the data.

"I do not know how advanced the system is or the skill of those who want to access the data. But if the server goes to the police, they will have ways to get the data," Mok said.
