Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

HSBC Bank USA Warns Customers of Data Breach

Unknown attackers were able to access online accounts of HSBC Bank USA users in the first half of October, the bank told customers in a letter.

Unknown attackers were able to access online accounts of HSBC Bank USA users in the first half of October, the bank told customers in a letter.

The data breach happened between October 4 and October 14, and prompted the United States subsidiary of UK-based HSBC to block access to online accounts, to prevent further unauthorized access, the letter the bank sent to customers (PDF) reveals.

“When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account. You may have received a call or email from us so we could help you change your online banking credentials and access your account,” HSBC explains.

The notice also reveals the large amount of data that was exposed to the attackers when they accessed the online accounts.

“The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available,” the letter reads. 

Following the incident, the bank also decided to enhance the authentication process for HSBC Personal Internet Banking with the addition of an extra layer of security. The organization is also providing impacted customers with credit monitoring and identity theft protection.

Impacted customers are also advised to monitor their accounts for any unauthorized activity and to contact the bank if they notice anything suspicious. They should also place a fraud alert on their credit files, so that creditors would contact them before making any new operation. 

Periodically obtaining credit reports and informing law enforcement of any suspicious activity should also help the bank’s users avoid losses.

Advertisement. Scroll to continue reading.

This data breach is not the first cyber incident involving HSBC. Last year, the bank’s users were targeted with fake security software, while in 2016 a crippling distributed denial of service (DDOS) attack knocked its systems offline for hours. 

Related: HSBC Users Targeted With Fake Security Software

Related: Britain’s HSBC Recovers from Massive DDoS Attack

Related: HSBC Allows Selfies for User Authentication

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.