The Financial Services Authority (FSA) has penalized three companies operating under the HSBC name - HSBC Life UK, HSBC Actuaries and Consultants and HSBC Insurance Brokers - after their failings resulted in customer information being lost in the post on two occasions.
Data relating to pension scheme members was mislaid in July 2007 and in February 2008 details of around 180,000 policy holders were lost when an unencrypted CD went missing.
Director of enforcement at the FSA Margaret Cole described the security breaches as "very disappointing".
"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals," she remarked, adding that it was "worrying" that the companies were not more alert to the dangers of fraud.
KPMG recently released a report showing that instances of fraud reached a record high for a six-month period during the first half of 2009.