Where does a £3M fine hurt?

Not sure, but we will know. Regulatory bodies are becoming increasingly tough on lax organizations for not protecting sensitive data - HSBC was recently fined £3M for not adequately protecting customer records.

The interesting part to notice is the fine was applied even though no customer had an unfortunate incident after the breach - I presume like a lost identity, stolen money from their bank etc.

And even more interesting was that HSBC got a 30% discount for cooperating :). Good boy!