Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook Follow The Paypers on Google +
The Paypers, paypers, Insight in payments, News, Reports, Events
 advertisement
Digital Identity, Security & Online Fraud

HSBC suffers data breach online accounts

Thursday 8 November 2018 | 01:20 PM CET

HSBC has announced that less than 1% of online banking accounts were breached between 4 October and 14 October 2018 by unauthorized users.

The bank sent a disclosure notice to customers on 2 November, suspending all the affected accounts. Customer information that may have been accessed includes full names, mailing addresses, phone numbers, email addresses, dates of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history.

The breach may have occurred through a technique called "credential stuffing," in which hackers who have stolen passwords for other websites try them out on an online banking site, under the assumption that people use the same passwords everywhere they go on the web.

The bank uses Captcha in order to boost authentication for online banking, as it uses visual images and a challenge-response test to determine if a log-on attempt is being made by a human.

However, the customer letter came out 19 days after the breach occurred. In data breaches, disclosure comes usually several months after an attack. This quick reporting time may be a result of regulatory pressure, as Europe's General Data Protection Regulation requires companies to disclose personal data breaches to regulators and affected customers within 72 hours of becoming aware of them.

More: Link
 advertisement
 advertisement
 advertisement
 advertisement