Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.
HSBC Bank has informed account holders of a data breach affecting an undisclosed number of users, the organization reported this week. In a letter (Check Below) sent to customers and the California Attorney General’s Office, it states online accounts were compromised from Oct. 4 to 14.
The bank reports compromised information may include full names, mailing and email addresses, phone numbers, birthdates, transaction histories, payee account data, statement histories, and account numbers, types, and balances.
HSBC suspended access to affected accounts and is contacting victims about changing their online credentials. It says it has improved its authentication process for HSBC Personal Internet Banking and is offering customers a complimentary, year-long subscription to Identity Guard, which they can use to monitor accounts for credit fraud and malicious activity.
Data leaks caused by negligent third-party providers are increasingly common, says High-Tech Bridge founder and CEO Ilia Kolochenko. Oftentimes, large businesses deploy demo systems to production and forget about them, leaving data and systems vulnerable. Abandoned US-based Web systems containing customer data could be a possible attack vector.
HSBC’s response has been prompt and technically adequate, he explains, but there is still potential for consequences. “This will, however, unlikely exonerate them from private lawsuits and, perhaps, even a class action by disgruntled customers and privacy watchdogs,” Kolochenko says.