Brace yourself. HSBC has said its US customers’ were hacked in October. Seems like the new normal these days.
Sensitive information like account numbers and balances, statement and transaction histories and payee details, as well as users’ names, addresses, and dates of birth, were accessed, according to HSBC.
The lender, HSBC puts the number of those affected at 1%. It says it has contacted all of those exposed.
‘HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,’ the bank said in a statement.
‘We have notified those customers whose accounts may have experienced unauthorised access, and are offering them one year of credit monitoring and identify theft protection service.’
The bank said the online accounts were breached between 4 and 14 October.
The perpetrators haven’t yet noticeably tried to use the data to steal savings
The California Attorney General’s Office has posted a template of the alert sent to customers online, as one of the states affected.
One expert believes the perpetrators used information harvested from elsewhere overtime to gain unauthorised access to the accounts called Credential stuffing.
‘The information made public so far by HSBC is quite limited,’ said Prof Alan Woodward from the University of Surrey.
‘It is clearly still investigating what happened whilst taking the actions necessary to protect customers and advise regulators.
‘There’s a lot more information we’ve yet to see, which I hope HSBC makes public when it has it.’