HSBC faced a data theft issue where an employee, Nadeem Kashmiri, accessed customer information from UK accounts without permission and passed it to a co-conspirator to conduct fraudulent transactions. Over £2,33,000 was estimated to be lost. Kashmiri received Rs. 4000 per account data and made Rs. 80,000 per data passed on. The issue arose because Kashmiri joined HSBC using false records and references during inadequate employee verification, as the BPO firm was feverishly recruiting and did not take enough time for verification. HSBC proposed that employee verification and risk mitigation be handled by the Information Security Department instead of the HR department to prevent similar issues.