HSBC Bank USA, an American subsidiary of UK based HSBC has partially confirmed that the perpetrators may have made off with personal information – names, addresses, and DOBs along with the more sensitive information like the account numbers, transaction histories, payee details and balances of thousands of its online banking customers.
In the paperwork [PDF] HSBC submitted to the California Attorney General’s office, it says that it came to know about the unauthorized access between October 4 and 14. Refraining from providing the exact number of online accounts affected by the hack, the bank summarized the attack statistics as follows, “less than 1 percent” of its U.S. customers.
Given the bank’s U.S. client base which estimates around 1.2 million customers, 12,000 customers possibly fall prey to the data breach. They had their personal details and bank specifics compromised.
HSBC Bank USA: In Response to the Security Incident
Responding to the incident, HSBC bank USA immediately suspended the online access and strengthened the authentication process, the aforementioned steps ensured that no further damage can be done to the accounts; meanwhile the bank took care of the victimized accounts.
Further preventive measures include, the bank offering a subscription to credit monitoring and identity theft protection services.
Expressing regret, the bank said, “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,”
“We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identify theft protection service.”
“We are reminding our customers to protect access to their banking accounts by regularly changing their passwords, and by using unique passwords they are not using elsewhere, including on any social media accounts,” the bank’s spokesperson told The Register.
The client base of HSBC is advised to update their passwords and to add additional security measures.
The bank recommended the victimized customers to monitor their account transactions and place fraud alerts on their accounts.