DDoS attack cripples HSBC online banking

No customer records compromised, bank says, after second outage of 2016

A cyber attack that has crippled HSBC's website has left customers locked out of online banking services today.

A DDoS (distributed-denial-of-service) attack knocked out HSBC's online functions at around 8.30am this morning, and customers have struggled to access their accounts online since, with HSBC warning at 4.45pm that the assault on its servers is ongoing, though a normal service is returning.

Advertisement - Article continues below

While no customer records or transactions have been compromised, the attack left customers unable to log into online banking facilities via web browsers or mobile apps.

A spokeswoman for HSBC initially told IT Pro that the bank "has successfully defended against the attack" at around 11.20am.

But a statement from COO John Hackett at 4.45pm read: ""We are continuing to experience attempted denial of service attacks and we are closely monitoring the situation with the authorities. 

"HSBC's internet and mobile services have partially recovered, and we continue to work to restore a full service. We apologise for the disruption and inconvenience this may have caused."

Today's DDoS attack comes on the final Friday of January, when many people will still be getting paid, and follows two days of outages at the beginning of this month affecting 17 million customers.

Advertisement
Advertisement - Article continues below

Security firm ESET's security specialist, Mark James, said HSBC's reputation will suffer as a result.

Advertisement - Article continues below

"DDoS attacks, regardless of motive, are never good for any organisation," he said. "Its users may vote with their feet rather than be understanding and stay with them."

Tripwire security researcher, Craig Young, speculated that the DDoS assault could be the work of hacktivists - hackers with a moral axe to grind - or cybercriminals looking to force HSBC to cough up in order to put an end to the issue.

"This is a common type of attack used by so-called hacktivists looking to make a political statement as well as extortionists requesting a ransom in exchange for stopping the attack," he said. "Often times the flood of requests are coming from computers and routers which have been hacked and unwillingly enlisted for attack."

HSBC said it is working with police to identify the culprits.

A spokeswoman said: "HSBC is working closely with law enforcement authorities to pursue the criminals responsible for today's attack on our internet banking. We apologise for any inconvenience this incident may have caused."

Advertisement - Article continues below

In addition to the outage at the beginning of January, the bank also angered customers last August by stopping BACS payments from leaving their accounts. HSBC revealed this week in a letter to a committee of MPs that the error was caused by a mega-payment rejected by its system, according to the BBC.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020

Most Popular

Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020