Lost in the post four weeks ago en route from Southampton, the disc listed the names, dates of birth and the level of insurance cover held by some 370,000 customers, along with their individual policy number and information as to whether they smoked or not.
Whilst it was password-protected, the disc had not been encrypted. However it did not contain any further details, such as the home address or bank account details of the individual, leading HSBC to label the potential fraud risk as 'limited'.
The bank issued an apology to customers, saying that it was currently looking into the situation and that the Financial Services Authority (FSA) had been informed.
The disk had been on the way from HSBC to an unnamed reinsurer.