London-headquartered HSBC has confirmed that online bank accounts of its customers in the US were illegally accessed about a month ago, with possibly compromised data including account numbers and transaction history.
In response to the cyber incident, which took place between October 04 and 14, the banking giant suspended access to prevent further unauthorised entry; contacted affected clients to assist them in changing their online banking credentials; and enhanced its authentication process to add another layer of security.
“We apologise for this inconvenience,” stated the lender in the notice of data breach seen by Insurance Business. “HSBC takes this very seriously and the security of your information is very important to us.”
Other details that unauthorised users may have got hold of are customers’ full names, mailing addresses, phone numbers, email addresses, date of birth, account types, account balances, payee account information, and statement history.
Meanwhile, “out of an abundance of caution,” HSBC said it will also offer a complimentary one-year subscription to a credit monitoring and identity theft protection service.
It is believed that less than 1% of the US clientele has been impacted.
Last month the UK’s Financial Conduct Authority slapped Tesco Bank with a £16.4 million fine “for failing to exercise due skill, care, and diligence in protecting its personal current account holders against a cyberattack” back in 2016.