HSBC Bank data breach has exposed the personal details of a limited number of customer’s information which includes account numbers, balances, addresses, transaction history etc.
The data breach has been reported and notification has been sent to the customers on November 2nd, 2018. The notice of Data Breach letter relates to HSBC Bank USA, a subsidiary of the UK-based HSBC Bank and it has been filed with the California Attorney General’s office. According to the notice the affected accounts has been accessed by unauthorized users between October 4th, 2018 and October 14th, 2018.
As soon the bank came to know about the data breach, they suspended all online access to prevent further unauthorized entry of the accounts. The bank apologized for the inconvenience and they assured the customers to help them to change their online banking credentials and have also provided contact details to call them for accessing their account.
This breach has affected about 1% of U.S. accounts and that login credentials were most likely obtained from other data breaches. This information was then used as a credential stuffing attack on HSBC. To prevent credential stuffing attacks, the users are advised to regularly change their passwords and use unique passwords for each site they use.
Since the attacker used the login details of a user’s online banking account, they had access to all information that can normally available on personal banking sites. This includes names, addresses, phone numbers, balances, transactions, date of birth, account numbers, statement history etc.
HSBC said that they have increased the security in their sign-on and authentication processes to prevent similar attacks in the future. They have also implemented additional layers of security for digital and mobile access to all personal and business banking accounts. The customers whose accounts were accessed by unauthorized users are provided with one year of credit monitoring and identify theft protection service.