Three HSBC firms have been fined for serious security failings.

The FSA has fined three HSBC firms more than £3 million for failing to protect their customers’ details from being lost or stolen.

The three divisions in question are HSBC Life UK Limited (fined £1,610,000), HSBC Actuaries and Consultants Limited (£875,000), and HSBC Insurance Brokers Limited (£700,000).

The FSA’s investigation discovered that customers’ details were sent unencrypted through the post to third parties and that confidential details were left unsecured on open shelves.

In an even greater lapse of security, two unencrypted CDs containing customers’ personal details were lost in the post on two separate occasions. The discs contained the information of more than 181,000 customers, and included confidential details such as national insurance numbers, dates of birth and addresses.

Margaret Cole, Director of Enforcement at the FSA, said: “These breaches are very disappointing. All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.”

Clive Bannister, HSBC Insurance’s Group MD, told the BBC: “We hold ourselves to the highest standards, but it is clear that in these instances we have fallen short, which we sincerely regret. While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence.”

All three firms were given the standard 30% discount from the FSA for cooperating fully from the early stages of the investigation – had they not, the fines would have totalled around £4.5m. Margaret Cole continued: “In areas where we have previously warned firms of the need to improve, people can expect to see fines increase to deter others and change behaviour in the industry.”

The news comes as ID fraud in the UK increases. CIFAS, the UK’s fraud prevention service, reported last month that the recession had contributed to a sharp rise in the number of fraud victims. Adding to the blow felt by victims, a recent report by consumer body Which? revealed that one in five victims of fraud is denied compensation by their banks.

HSBC is not the only bank to be fined for security failures. In the past four years, the FSA has also fined Nationwide, Norwich Union, Merchant Securities and BNP Paribas Private Bank for similar offences.