HSBC Bank Discloses Security Incident

"HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018," the bank wrote in a data breach notification letter submitted to Californian authorities.

• By Jessica Davis
• Nov 08, 2018

HSBC Bank disclosed Monday a data breach incident that impacted an undisclosed number of its customers.

"HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018," the bank wrote in a data breach notification letter submitted to Californian authorities.

According to HSBC, the bank suspended access to online accounts for all impacted customers and began procedures for changing passwords to those accounts. It also said it added “an extra layer of security” to HSBC accounts but did not give further details. It is unknown how many customers were affected.

Based on the incident description given by HSBC, it is likely that the attack involved attempts at brute-force password-guessing, in which hackers try to use usernames and password combos gained from other companies’ data breaches in hopes that some users have repeated credentials across websites.

HSBC did confirm that some of the attacks were successful, allowing hackers access to some customer’s details. Potentially exposed information includes full names, addresses, phone numbers, email addresses, dates of birth, account numbers, account balances, transaction histories, payee account information and statement histories.

HSBC has offered to pay for free credit monitoring and identity theft protection for all impacted users.