Multinational bank HSBC this week said hackers gained unauthorized access to the accounts of some of its U.S. customers in October.
The lender sent a letter to customers on Nov. 4 notifying them that hackers may have accessed sensitive information like their “full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.”
The cyber-attack took place Oct. 4-14 and only U.S.-based clients were affected, HSBC said.
Public details about the breach are limited, and it is unclear whether the hackers sought to use such data to pilfer savings at the bank.
“HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” Robert Sherman, head of HSBC’s media relations in the U.S., said in a statement to The Hill on Wednesday.
He added that the bank is looking to boost its cyber-security.
“We responded to this incident by fortifying our log-on and authentication processes, and implemented additional layers of security for digital and mobile access to all personal and business banking accounts,” Sherman said. “We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identify theft protection service.”
The lender said the breach was the result of a “credential stuffing” attack, in which the cyber criminals gained access to personal information from others sources that ultimately allowed them to gain unauthorized access to HSBC accounts via social engineering techniques.
Credential stuffing can stem from cases where a customer uses the same password on multiple sites, including the same password for online banking.
“We are advising our consumers to protect access to their banking accounts by regularly changing their passwords, and by using unique passwords they are not using elsewhere, including on any social media accounts,” Sherman said. But having said that your password wasnt the issue… The issue was bad protection on such an attractive source to hack. Banks need to do more. Scary to think we live our lives from our banks. Cyber Attacks will be HUGELY targeting banks & monetary systems in the coming years & these things will continue to happen!
If your a HSBC Customer we would advise you check with them to see if you need to action anything.
True privacy shouldn’t break the bank! This is our right! So grab a 20% discount on our VPN with promo code “NOLIMITS” meaning you can sign up NOW for £2pm.