HSBC has been forced to accept that hackers have made off with personal details of thousands of its online-banking customers. The bank suffered a serious data breach in it’s US retail business, with fraudsters gaining access to customers’ account details, statement histories and other personal information.
The incidents occurred between October 4 and 14, HSBC said on Tuesday. The bank immediately suspended online access to affected accounts and was not aware of any customers who had suffered financial loss. The breach is the latest in a series of high-profile security incidents at major financial services groups.
Although it affected significantly fewer people than previous breaches at firms such as Equifax and JPMorgan, fraudsters were able to access more detailed customer information. A spokesman for the bank said: “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously.”
Banks have invested significant amounts in strengthening their cyber security in recent years, but remain particularly vulnerable to attacks that exploit customer or employee carelessness. HSBC said its attackers used a method known as “credential stuffing”, whereby criminals use password information and data gathered from other websites to gain access to accounts.
To put the breach in perspective, less than 1% of HSBC’s 1.4 million US customers were affected by the breach. However, attackers were able to access a broader range of data including account numbers and transaction histories, according to a letter – the bank submitted paperwork to the California Attorney General’s office late last week outlining its plan to notify folks of the significant data theft.
California law requires that the AG be notified whenever a computer security breach affects 500 or more residents in the US state.
The post HSBC (Hacker Security Breach Confirmed) admits hackers gained access appeared first on Payments Cards & Mobile.