HSBC Bank USA notified customers of a data breach that has happened between October 4 and October 14, unknown attackers were able to access online accounts of the financial institution.
Exposed info includes customer full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.
HSBC Bank sent a letter to its customers to notify the incident.
“HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018. When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account.” reads the letter sent by the bank to the customers.
“You may have received a call or email from us so we could help you change your online banking credentials and access your account. If you need help accessing your account, please call <>.”
In response to the security breach, the United States subsidiary of HSBC blocked access to online accounts to prevent abuses.
After the data breach, HSBC Bank enhanced the authentication process for HSBC Personal Internet Banking, adding an extra layer of security.
The back is also providing impacted customers with a complimentary year subscription to a credit monitoring and identity theft protection service provided by Identity Guard.
Impacted customers should do:
This isn’t the first incident suffered by HSBC, in March 2017, a spam campaign impersonating UK-based bank attempted to distribute malware masquerading as legitimate security software
In January 2016 the British branch of the HSBC bank suffered twice in a month a cyber attack that brought its services offline.
In November 2014, the Hong Kong and Shanghai Banking Corporation announced that its computer networks in Turkey were breached by unknowns. The data breach exposed the personal data of about 2.7 million customers, including names of clients, card expiry dates, their card numbers, and linked account numbers.
(Security Affairs – HSBC bank, data breach)