Add HSBC to the long list of financial institutions whose customer data has been compromised.
Some US customers of HBSC
HSBC, + 0.22%
were informed in a letter dated November 2 that their accounts had been compromised. 2 Fewer than 1% of the bank's US clients were affected by the breach, the company told BBC on Tuesday.
"HSBC regrets this incident and we take our responsibility to protect our clients very seriously," the bank said to the BBC. "We've notified customers whose accounts may have unauthorized access and offer them one year of credit monitoring to identify an anti-theft service."
According to the letter, customer accounts were accessed in the first half of October. This violation included the full names of customers, postal addresses, telephone numbers, e-mail addresses, birth dates, bank account numbers, account types, account balances, transaction histories and account statement histories. More data could potentially have been compromised, said Jarrod Overson, Director of Engineering at Mountain View, California, and security firm Shape Security. The circumstances of the breach indicate that the attackers already had user passwords.
Hackers often use usernames and passwords that have been compromised in previous violations and integrate them into other institutions – a tactic known as bank account or "credentials". Fatal violations such as those at Equifax and Yahoo have in many ways caused hacker user credentials for work, experts say.
"This is typical for certificate submission, and with more than 7 billion credits since 2015, it's reasonable to assume that this could happen to almost anyone," Overson said.
As HSBC is based in the United States, it is governed by the General Data Protection Regulation (DSGVO) – a set of data-processing rules put in place by the European Union's regulators in May. Companies must report violations within 72 hours or fines of EUR 20 million (USD 24.5 million) or 4% of their worldwide annual turnover.
HSBC's customers should change their passwords and take additional security measures into account, said Jacob Serpa, product marketing manager at Campbell, California.
HSBC suggested that affected customers monitor account transactions and place fraud alerts on their accounts. It offers customers a one-year subscription to the Identity Guard Credit Monitoring Service.
Get a daily summary of the top reads in your personal inbox. Subscribe to the free MarketWatch Personal Finance Daily newsletter. Sign up here.