HSBC experienced a data breach, impacting some U.S. customers and their personal data. Although there are no signs of fraud just yet, the breach may have impacted about 14,000 customers.
HSBC Data Breach
The attack ran from October 4th to October 14th against London-based HSBC, the world’s seventh largest bank and the biggest in Europe. When the breach was identified, HSBC “suspended online access to prevent further unauthorized entry” to affected accounts.
“The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information and statement history where available,” HSBC says in its data breach notification.
Notifying Impacted People About the Breach
HSBC and its attorneys notified affected victims of this breach via mail on November 2. Less than 1 percent of HSBC customers were impacted by the breach. HSBC refused to reveal the number of victims, but it manages about 1.4 million U.S. accounts, so 14,000 customers may have been impacted.
“HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” the bank states. “We responded to this incident by fortifying our log-on and authentication processes, and implemented additional layers of security for digital and mobile access to all personal and business banking accounts,” the statement notes. “We have notified those customers whose accounts may have experienced unauthorized access and are offering them one year of credit monitoring and identity theft protection service.”
Credential Stuffing Attack
The threat actors behind this breach are believed to have carried out a credential stuffing attack, which is what criminals usually do after obtaining usernames, passwords, or other personal data: they use them to gain access to an account.
The best way to guard against these attacks is to never use the same password on multiple accounts. Using the same credentials for multiple sites is a hacker’s dream come true.
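One way a defender might spot credential stuffing in authentication logs, as an added example that is not from the article or from HSBC. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-01-15T09:00:01 203.0.113.7 alice FAIL
2024-01-15T09:00:03 203.0.113.7 bob FAIL
2024-01-15T09:00:05 203.0.113.7 carol FAIL
2024-01-15T09:00:08 203.0.113.7 dave OK
2024-01-15T09:00:10 203.0.113.7 erin FAIL
2024-01-15T09:00:12 203.0.113.7 frank FAIL
2024-01-15T09:01:00 198.51.100.20 grace FAIL
2024-01-15T09:01:20 198.51.100.20 grace OK
2024-01-15T09:02:00 192.0.2.50 heidi FAIL
2024-01-15T09:02:02 192.0.2.50 heidi FAIL
2024-01-15T09:02:04 192.0.2.50 heidi FAIL
2024-01-15T09:02:06 192.0.2.50 heidi FAIL
2024-01-15T09:02:08 192.0.2.50 heidi FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            yield datetime.fromisoformat(ts), ip, user, result == "OK"

def flag_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source IP to (distinct usernames, failure ratio).
    A source is flagged when, inside one time window, it tries many
    different accounts and most attempts fail. Repeated failures against
    a single account (a typo, or brute force) do not match this rule.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        for i, (start, _, _) in enumerate(rows):
            span = [r for r in rows[i:] if r[0] - start <= window]
            users = {user for _, user, _ in span}
            fail_ratio = sum(not ok for _, _, ok in span) / len(span)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                flagged[ip] = (len(users), round(fail_ratio, 2))
                break
    return flagged

if __name__ == "__main__":
    print(flag_stuffing(parse(SAMPLE_LOG)))
```

Only the first source is flagged; the user who mistyped once and the source hammering a single account fall below the distinct-username threshold.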
Not HSBC’s First Breach
HSBC has suffered other data breaches and online attacks. Here’s a timeline:
- July 2009: The Financial Services Authority fined three HSBC firms a total of £3 million after a string of problems, including losing an unencrypted disc containing customers’ personal details, as well as leaving such information lying around offices.
- January 2010: HSBC said that a former employee had stolen information pertaining to up to 24,000 clients’ accounts in Switzerland, which he turned over to French tax authorities.
- October 2012: Access to customer accounts was disrupted by distributed denial-of-service attacks launched by Izz ad-Din al-Qassam Cyber Fighters, a group that U.S. intelligence officials have said was a cover for an Iranian government campaign.
- March 2015: HSBC Finance in the U.S. discovered a data breach involving mortgage data that appeared to have begun in 2014.
- January 2016: HSBC repelled fresh DDoS attacks, but its mitigation efforts left some customers unable to access their accounts.
- June 2016: HSBC faced repeat DDoS attacks, with its mitigations leading to repeat account access disruptions for some customers.