Bank of Scotland (HBOS) is telling 62,000 customers they could be at risk of identity theft after it stuck an unencrypted disc in the ordinary post, which was subsequently lost.

The disc, containing information on mortage customers, should have been encrypted before being sent, the bank said, and should have been sent via secure courier rather than the normal postal service. It blamed human error for the problem, but said it believed the disc was genuinely lost rather than stolen.

An HBOS spokesperson told ComputerWorld: "The disk would usually be encrypted. Unfortunately, due to human error on this occasion the usual policy was not followed. We apologise to our customers for this."

The spokeswoman said procedures had been changed and said a recent string of data breaches were unrelated.

The bank was in trouble in March for losing customer data, and in January it accidentally posted details of 75,000 customers to a woman from Aberdeen who asked for a copy of her bank statement. Also in March, the Information Commissioner named and shamed HBOS, along with 10 other banks, for dumping customer statements in pavement bins.

More from ComputerWorld here. ®

Related stories

• Lloyds buy leaves HBOS techies facing axe - again (18 September 2008)
• HBOS culls 5% of IT workforce (14 August 2008)
• Dear customer: you owe us $211 trillion (3 December 2007)
• Info Commissioner audits HBOS (15 May 2007)
• UK banks leaving customer info on the pavement (14 March 2007)
• UK bank exposes details of 75,000 accounts (31 January 2007)
• HBOS to change website after security alert (24 October 2006)