HSBC US falls victim to data breaches


The latest victims in the cybersecurity world to succumb to a data breach are HSBC customers. Personal details, bank statements and other pieces of information have been lost to online fraudsters.

The attack took place on HSBC’s retail business in the US at some point between October 4 and 14, the bank revealed on Tuesday.

HSBC noted that it was not aware of any customers facing financial losses but had taken measures to suspend online access to accounts of those who had been impacted by the attack.

One of HSBC’s spokesman said: “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously.”

This particular case follows the likes of Equifax and JPMorgan in a series of prominent, large-scale data hacks. And though the number of customers affected were fewer than that of other businesses, the depth of information stolen was far greater.

In response to the hack, the bank has made an effort to up its safety measures by strengthening its log-in and authentication processes and employing additional layers of security. Affected customers have also been offered a year’s worth of free credit monitoring and identity-theft prevention products.

The attack is said to have used a method called “credential stuffing” which saw online criminals using username and password information stolen from other websites to gain access to HSBC accounts. At least one user from each state in the US was affected, including Washington DC.

As a result of the incident, the bank has warned customers against using the same details and information for their banking accounts as other logins, in particular social media profiles.

HSBC has vowed to increase its cybersecurity efforts through additional investment in products, training and staff, and noted that its main exposure to vulnerabilities comes from the negligence of customers and employees.

In 2014, HSBC’s rival JPMorgan was hit by a data breach incident and was considered the biggest in the world at the time of occurrence. Roughly two-thirds of all US households fell victim, with names, addresses, telephone numbers and emails exposed to digital criminals. Similarly, in 2017, Equifax suffered a breach which compromised the information of 143 million customers.

In this incident, however, less than 1 per cent of the bank’s 1.4 million customers in the USA were impacted by the attack. Although this is the case, a letter sent by HSBC and published by the California Attorney General's Office revealed that more details and information was exposed, particularly bank account numbers and transaction histories.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *