Recently, financial data of several customers of HSBC Bank in U.S. was compromised in an apparent data breach. Read on to know more about it…
Last month, HSBC bank in the United States became a target of the hackers. The bank discovered an unauthorised access to online accounts. The bank confirmed that it suffered a data breach where account details of some of their online customers was compromised. HSBC believes the hackers carried out the attacks between October 4, 2018 and October 14, 2018.
HSBC bank announced a data breach impacting an undisclosed number of customers. However, only a few of customers were affected, i.e. reportedly less than 1%. According to the letter, customer accounts were accessed during the first half of October this year.
The stolen information that was stolen of the bank online customers include full name, mailing address, date of birth, phone number, email address, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.
“We are advising our consumers to protect access to their banking accounts by regularly changing their passwords, and by using unique passwords they are not using elsewhere, including on any social media accounts,” according to HSBC.
Even more data could have been compromised, Jarrod Overson, director of engineering at Mountain View, Calif.-based security firm Shape Security, said. The circumstances of the breach suggest the attackers already had user passwords, he said. Security Experts say that often hackers will make use of user names and passwords compromised in prior breaches, and plug them into other institutions – a tactic known as an account takeover or “credential stuffing.”. Major breaches such as those at Equifax EFX, and Yahoo have given hackers plenty of such user credentials to work with. Overson added that “This is typical for account takeovers due to credential stuffing and, with over 7 billion credential records spilled since 2015, it’s reasonable to assume this could happen to just about anybody,”
As a safety measure, affected accounts of online banking customers were suspended online to guard against further unauthorized entry. Further compromised user received calls/emails where they were prompted to change their banking details before accessing their accounts.
According to BBC, HSBC reported that “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,”. Further, the bank added “We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identify theft protection service.”
Since HSBC is based in the U.K., it is subject to the General Data Protection Regulation (GDPR) — a set of data-handling rules put forth by European Union (EU) regulators that went into effect in May this year. Accordingly, organizations must disclose breaches within 72 hours or they will be fined €20 million ($24.5 million) or 4% of their global annual revenue.
Security Guidelines for Banking Customers
The following are some of the security guidelines for online banking customers…
* Online account users should monitor their account transactions for any unauthorized activity and contact their bank immediately if any is noticed.
* Fraud alerts should be placed on credit files, which tells creditors to contact the account owner before they open any new accounts or change existing accounts.
* Periodically obtain and review your credit reports for any information relating to fraudulent transactions to help you spot problems and address them quickly.
* Contact the bank or cyber police if you find any suspicious activity on your credit reports or suspect your personal information is being misused.