According to the bank, some of the accounts of its customers in the United States were hacked in October
HSBC systems in the United States were hacked last October, as reported by specialists in digital forensics from the International Institute of Cyber Security. The banking institution reported that hackers could have accessed information that includes account numbers and balances, account statements and transactions and account holder details, as well as names, addresses and users’ dates of birth.
According to the first reports, it is estimated that an amount equivalent to less than 1% of the bank’s American customers were affected. The bank has already established direct contact with those users who might have been affected by this security incident.
“HSBC regrets this incident and assumes responsibility for protecting affected customers very seriously”, the bank said in a statement. “We have notified those customers, whose accounts might have been compromised, and we offer a year of credit monitoring and identity theft protection services, and we also inform that our digital forensics teams are thoroughly analyzing the incident”.
The bank said the security breach occurred between October 4 and 14. It is still unclear whether attackers have tried to use this information to perform fraudulent transactions.
A security alert sent to affected customers has been posted online by the California attorney General’s office, although the hack is not confined to Californian territory. An expert in cybersecurity and digital forensics mentioned that the technique implemented in the attack is apparently a “credential filling” in which personal data collected through other websites were used to gain unauthorized access to the bank’s accounts.
“So far, the information provided by HSBC is quite limited, it does not include technical details of the hacking techniques used and the actual scope of the attack is unknown”, said Professor Alan Woodward of the University of Surrey.
“It is clear that the research is still ongoing, but it is necessary to know what happened to take the necessary measures to protect customers and advise regulatory authorities. There is much more information that we still do not know, that I hope HSBC will make public when the panorama becomes clearer”.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.