HSBC locks US customers out of accounts after data breach

The bank has reported that a wide range of details had been exposed during an attack in October

HSBC sign

HSBC bank has locked some of its American customers out of their online accounts following a data breach.

The bank said it became aware of online accounts being accessed by unauthorised users between 4 and 14 October and has taken action by notifying customers - a template of which has been posted by the California Attorney General's office.

Advertisement - Article continues below

"When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account," the notice said.

According to the bank, the information that may have been accessed is quite significant and included full names, home and email addresses, phone numbers, dates of birth, transaction history, payee information and account details such as numbers, types, balances.

"HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously," a spokesman said. "We responded to this incident by fortifying our log-on and authentication processes and implemented additional layers of security for digital and mobile access to all personal and business banking accounts.

"We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service."

The bank has around 1.4 million accounts in the States and so far, it said it has not seen evidence of any fraudulent activity as a result of the breach. However, the details of the attack and its exact nature have not been fully explained.

Advertisement - Article continues below
Advertisement - Article continues below

"Unless the scope, circumstances and the total number of affected customers become known, it would be premature to make any categorical conclusions," said Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge. "Allegedly, only US customers are affected, thus it may indicate that the breach occurred via an authorized third-party or careless employee.

"Data leaks caused by negligent third-party providers have become more and more frequent these days. An abandoned US-based web system with a limited set of customers' data, can also be among the possible attack vectors. Often large companies deploy demo systems to production for legitimate testing purposes, consequentially forgetting about them, leaving the unprotected systems and data externally accessible."

Although its a security issue HSBC would not like to have, organisations that don't report attacks and breaches are fast becoming minorities as hackers are finding more and more clever and innovative ways to exploit vulnerabilities.

Advertisement - Article continues below

In the last year alone there have been data breaches on many airlines such as British Airways, Air Canada and Cathay Pacific. Organisations as big as FIFA have also fallen foul of hacking and even tech companies as big as Facebook have suffered attacks that have accessed personal data.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020