HSBC has said some of its US customers’ bank accounts were hacked in October. The lender said that the perpetrators may have accessed information including account numbers and balances, statement and transaction histories and payee details, as well as users’ names, addresses and dates of birth.
“HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” the bank said in a statement.
“We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service.”
The HSBC logo is seen above a branch of the bank in the Sao Paulo financial center, Brazil
The bank said the online accounts were breached between 4 and 14 October. It is not clear whether the attackers have tried to make use of the data to steal savings, reports BBC.
A template of the alert sent to customers has been posted online by the California Attorney General’s Office, although the hack was not limited to that state.
One expert said it appeared that the technique involved was a “credential stuffing” in which personal details harvested from elsewhere had been used to gain unauthorized access to the accounts.
“The information made public so far by HSBC is quite limited,” said Prof Alan Woodward from the University of Surrey.
“It is clearly still investigating what happened whilst taking the actions necessary to protect customers and advise regulators.
“There’s a lot more information we’ve yet to see, which I hope HSBC makes public when it has it.”