HSBC locks US customers out of accounts after data breach

The bank has reported that a wide range of details had been exposed during an attack in October

HSBC sign

HSBC bank has locked some of its American customers out of their online accounts following a data breach.

The bank said it became aware of online accounts being accessed by unauthorised users between 4 and 14 October and has taken action by notifying customers - a template of which has been posted by the California Attorney General's office.

"When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account," the notice said.

According to the bank, the information that may have been accessed is quite significant and included full names, home and email addresses, phone numbers, dates of birth, transaction history, payee information and account details such as numbers, types, balances.

Advertisement - Article continues below
Advertisement - Article continues below

"HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously," a spokesman said. "We responded to this incident by fortifying our log-on and authentication processes and implemented additional layers of security for digital and mobile access to all personal and business banking accounts.

"We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service."

The bank has around 1.4 million accounts in the States and so far, it said it has not seen evidence of any fraudulent activity as a result of the breach. However, the details of the attack and its exact nature have not been fully explained.

"Unless the scope, circumstances and the total number of affected customers become known, it would be premature to make any categorical conclusions," said Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge. "Allegedly, only US customers are affected, thus it may indicate that the breach occurred via an authorized third-party or careless employee.

"Data leaks caused by negligent third-party providers have become more and more frequent these days. An abandoned US-based web system with a limited set of customers' data, can also be among the possible attack vectors. Often large companies deploy demo systems to production for legitimate testing purposes, consequentially forgetting about them, leaving the unprotected systems and data externally accessible."

Although its a security issue HSBC would not like to have, organisations that don't report attacks and breaches are fast becoming minorities as hackers are finding more and more clever and innovative ways to exploit vulnerabilities.

Advertisement - Article continues below

In the last year alone there have been data breaches on many airlines such as British Airways, Air Canada and Cathay Pacific. Organisations as big as FIFA have also fallen foul of hacking and even tech companies as big as Facebook have suffered attacks that have accessed personal data.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020

The top ten password-cracking techniques used by hackers

10 Feb 2020