HSBC Bank USA Admits Breach Exposing Account Numbers And Transaction History

It appears that an undisclosed number of HSBC Bank customers may have had personal information exposed as a result of a data breach. David Bisson, an associate editor for security vendor Tripwire’s ‘The State of Security’ blog, reports that the California Attorney General’s Office has received a copy of a templated letter sent to bank customers dated November 2nd.

Having now seen a copy of the letter, I can confirm that HSBC states it “became aware of online accounts being accessed by unauthorized users” between October 4th and 14th.

Following the now sadly all too common apologies for the inconvenience and assurances that security of personal information is very important to the organization that has been breached, HSBC reveals the bombshell. In a section headed ‘What Information Was Involved?’ HSBC states that information accessed may include:

  • Full name
  • Mailing address
  • Phone number
  • Email address
  • Date of birth
  • Account numbers
  • Account types
  • Account balances
  • Transaction history
  • Payee account information
  • Statement history

Wowsers! That’s a lot of personal information to be at risk of compromise. Especially considering that this is a bank we are talking about, and its parent is the biggest in Europe for that matter. Apparently HSBC’s earnings were up 28% on the same quarter last year, with pre-tax profits of $5.9 billion from revenue of $13.79 billion. What a shame, then, that some of it wasn’t used a little earlier for the extra layer of security that the breach letter informs customers about, but which wasn’t added before this particular threat had bolted.


Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.