So why do I think HSBC is incompetent (or certainly the people in it)?
Today I received some sales promotion information from HSBC (as we know they have been having rather a lack luster year)
Yes lots of banks send out promotional material, I hear you say, BUT HSBC has recently started putting customers financial details, within the text of these flyers.
So now you can no longer just throw away all the advertising leaflets you get from HSBC, because if you do routinely throw away such crap from your bank, there is a very good chance you will be disclosing *Meta-Data about your business with the bank.
In this particular case the flyer gave an analysis of my business dealings with HSBC, and a ballpark average of what the value of those services were over a several month period.
So not only did this promotional leaflet outline to anyone reading it, that I subscribe to certain services but it also listed out what my dealings were in cash terms, and gladly informed me that if I increased my business dealings in a certain way, I would be the proud owner of some “shopping coupons”
What is really annoying about this, is that HSBC did this against my strict instructions, specifically due to potential online fraud I have limited communication with the bank to a certain system and information about accounts must only be supplied inline with that agreement.
Their action also goes against my specific instructions to never send promotional information to my home address.
I can see why the HSBC changed its slogan from the listening bank.
This is probably why HSBC is providing such lack luster returns at the moment, because it is run by unthinking do not not give a damn corporate droids.
Meta-data can be very roughly described “data about the data”.
In this case the Meta-Data about my dealings with HSBC, the services I use and the approximate value of those services, as a result it would be enough to give an attacker details to know what sort of account I have and ways of breaching that account.