HSBC locks US customers out of accounts after data breach

The bank has reported that a wide range of details had been exposed during an attack in October

HSBC sign

HSBC bank has locked some of its American customers out of their online accounts following a data breach.

The bank said it became aware of online accounts being accessed by unauthorised users between 4 and 14 October and has taken action by notifying customers - a template of which has been posted by the California Attorney General's office.

Advertisement - Article continues below

"When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account," the notice said.

According to the bank, the information that may have been accessed is quite significant and included full names, home and email addresses, phone numbers, dates of birth, transaction history, payee information and account details such as numbers, types, balances.

"HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously," a spokesman said. "We responded to this incident by fortifying our log-on and authentication processes and implemented additional layers of security for digital and mobile access to all personal and business banking accounts.

"We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service."

The bank has around 1.4 million accounts in the States and so far, it said it has not seen evidence of any fraudulent activity as a result of the breach. However, the details of the attack and its exact nature have not been fully explained.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Unless the scope, circumstances and the total number of affected customers become known, it would be premature to make any categorical conclusions," said Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge. "Allegedly, only US customers are affected, thus it may indicate that the breach occurred via an authorized third-party or careless employee.

"Data leaks caused by negligent third-party providers have become more and more frequent these days. An abandoned US-based web system with a limited set of customers' data, can also be among the possible attack vectors. Often large companies deploy demo systems to production for legitimate testing purposes, consequentially forgetting about them, leaving the unprotected systems and data externally accessible."

Although its a security issue HSBC would not like to have, organisations that don't report attacks and breaches are fast becoming minorities as hackers are finding more and more clever and innovative ways to exploit vulnerabilities.

Advertisement - Article continues below

In the last year alone there have been data breaches on many airlines such as British Airways, Air Canada and Cathay Pacific. Organisations as big as FIFA have also fallen foul of hacking and even tech companies as big as Facebook have suffered attacks that have accessed personal data.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020