The HSBC bank has been affected by a data breach, as a result of which some of its US customers’ bank accounts were hacked. The incident took place in October. It appears that hackers may have accessed sensitive information such as account numbers and balances, statement and transaction histories and payee details.
Other affected personal details may be names, addresses and dates of birth. As for the number of affected customers, HSBC says that less than 1 percent of its American clients were hacked.
The bank has issued a breach notification which reads the following:
HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018. When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account. You may have received a call or email from us so we could help you change your online banking credentials and access your account. If you need help accessing your account, please call <
>.
It is yet unknown whether the breached information was abused to steal money from the bank’s customers.
How Did the HSBC Data Breach Happen?
The credential stuffing technique was used to hack into customers’ accounts. The hackers were able to log into an online banking accounts. Hence, they had access to all the information usually featured on personal banking sites, such as account numbers and balances, statement and transaction histories and payee details, addresses and names, as noted in the breach notification:
The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.
As a way to apologize for the hack, HSBC is offering victims a free year of the Identity Guard credit monitoring service.