HSBC locks US customers out of accounts after data breach

The bank has reported that a wide range of details had been exposed during an attack in October

HSBC sign

HSBC bank has locked some of its American customers out of their online accounts following a data breach.

The bank said it became aware of online accounts being accessed by unauthorised users between 4 and 14 October and has taken action by notifying customers - a template of which has been posted by the California Attorney General's office.

"When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account," the notice said.

According to the bank, the information that may have been accessed is quite significant and included full names, home and email addresses, phone numbers, dates of birth, transaction history, payee information and account details such as numbers, types, balances.

"HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously," a spokesman said. "We responded to this incident by fortifying our log-on and authentication processes and implemented additional layers of security for digital and mobile access to all personal and business banking accounts.

"We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service."

The bank has around 1.4 million accounts in the States and so far, it said it has not seen evidence of any fraudulent activity as a result of the breach. However, the details of the attack and its exact nature have not been fully explained.

"Unless the scope, circumstances and the total number of affected customers become known, it would be premature to make any categorical conclusions," said Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge. "Allegedly, only US customers are affected, thus it may indicate that the breach occurred via an authorized third-party or careless employee.

"Data leaks caused by negligent third-party providers have become more and more frequent these days. An abandoned US-based web system with a limited set of customers' data, can also be among the possible attack vectors. Often large companies deploy demo systems to production for legitimate testing purposes, consequentially forgetting about them, leaving the unprotected systems and data externally accessible."

Although its a security issue HSBC would not like to have, organisations that don't report attacks and breaches are fast becoming minorities as hackers are finding more and more clever and innovative ways to exploit vulnerabilities.

In the last year alone there have been data breaches on many airlines such as British Airways, Air Canada and Cathay Pacific. Organisations as big as FIFA have also fallen foul of hacking and even tech companies as big as Facebook have suffered attacks that have accessed personal data.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Lookout reveals mobile-first endpoint detection and response solution
Security

Lookout reveals mobile-first endpoint detection and response solution

21 Oct 2020
Cisco finds an increase in security concerns due to remote working
Security

Cisco finds an increase in security concerns due to remote working

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
'Robin Hood' hackers donate stolen Bitcoin to charity
ransomware

'Robin Hood' hackers donate stolen Bitcoin to charity

21 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020