By Ashley Young
HSBC’s admission that hackers have probably made off with personal details of thousands of its online-banking customers is disappointing.
The lender said that the perpetrators may have accessed information including account numbers and balances, statement and transaction histories and payee details, as well as users’ names, addresses and dates of birth.
The bank submitted paperwork to the California Attorney General’s office late last week, in which it expressed its plan to inform customers of the significant data theft. California law requires that the AG be notified whenever a computer security breach affects 500 or more residents in the US state.
HSBC would not give the exact number of online banking accounts crooks rummaged through, but it would say the hack affects “less than 1 per cent” of what reports estimate are 1.2 million US customers, meaning as many as 12,000 Americans could have had their personal information and account details fall into the hands of scumbags. Bear in mind, as we’ve seen with Equifax, that number may rise considerably.
The accounts were likely ransacked between October 4 and 14, this year, we’re told.
“We are reminding our customers to protect access to their banking accounts by regularly changing their passwords, and by using unique passwords they are not using elsewhere, including on any social media accounts,” an HSBC spokesperson told The Register.
Criminals exploited the fact people reuse the same usernames and passwords across many sites. The hackers may have obtained victims’ login details from one website, and used them to log into HSBC online banking accounts that reused the same credentials.
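On the defending side, reuse of leaked credentials tends to show up in login logs as one source trying many different usernames and mostly failing. The following is an added example, not code from HSBC or the original article; the log fields, thresholds and sample events are assumptions constructed for illustration. It flags such sources and lists the accounts they did get into, which are the ones to suspend and notify.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, source_ip, username, success).
# IPs are from documentation ranges; usernames are made up.
EVENTS = (
    # One source cycling through many usernames, almost all failing.
    [("T02:00:%02d" % i, "203.0.113.7", u, u == "dlee")
     for i, u in enumerate(["asmith", "bjones", "cwu", "dlee",
                            "egarcia", "fkhan", "gpatel", "hnguyen"])]
    # Shared office NAT: many users, but every login succeeds.
    + [("T09:00:%02d" % i, "192.0.2.50", u, True)
       for i, u in enumerate(["ivan", "judy", "karl", "lena", "mona"])]
    # Ordinary customer who mistyped a password once.
    + [("T09:05:00", "198.51.100.20", "asmith", False),
       ("T09:05:20", "198.51.100.20", "asmith", True)]
)


def find_stuffing_sources(events, min_users=5, max_success_rate=0.25):
    """Return source IPs that tried many distinct usernames and mostly failed.

    min_users and max_success_rate are assumed thresholds; tune them
    against real traffic so shared NATs and typos are not flagged.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for _, ip, user, success in events:
        users[ip].add(user)
        attempts[ip] += 1
        successes[ip] += 1 if success else 0
    return {
        ip for ip in users
        if len(users[ip]) >= min_users
        and successes[ip] / attempts[ip] <= max_success_rate
    }


def accounts_to_suspend(events, flagged_sources):
    """Accounts with a successful login from a flagged source."""
    return sorted({user for _, ip, user, success in events
                   if success and ip in flagged_sources})


if __name__ == "__main__":
    flagged = find_stuffing_sources(EVENTS)
    print("flagged sources:", flagged)
    print("suspend and notify:", accounts_to_suspend(EVENTS, flagged))
```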
The data likely swiped from the online accounts looks to be highly sensitive and, if put to use by cyHSBC says the hackers would have been able to siphon off customers’ full names, mailing addresses, phone numbers, email addresses, dates of birth, account numbers, account types, account balances, transaction histories, payee account information, and statement histories.
“HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018,” the bank will tell those whose details were likely nabbed during the cyber-raid.
“When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account.”
HSBC says that “out of an abundance of caution” it is going to offer one year of free credit monitoring and identity protection to those who were affected. “We have enhanced our authentication process for HSBC Personal Internet Banking, adding an extra layer of security,” it added.