Hackers have managed to penetrate the database of the American HSBC bank and accessed the data of an unspecified number of clients. The stolen customer data includes account numbers, balances, physical addresses, transaction history, and many other details.
Although this bank was not affected by the European GDPR regulation, US laws are no less ruthless to companies that ignore the seriousness of securing stored personal data. California law requires organizations doing business with California residents to file security notices with the Attorney General's office for any cybersecurity incident, as well as to report to affected customers. If a company becomes the victim of a hacker attack and sends an incident report to more than 500 Californians, then part of this message should be made available online as well.
Exactly such a data security notice was filed by HSBC at the Attorney General's office on 2 November 2018.
In the official statement, the hacked bank admits that cybercriminals had unauthorized online access to user accounts between October 4 and October 14, 2018. Where the security of bank users' data is concerned, 10 days of hacker access to accounts is an extremely worrying period, one that allows quite serious data theft and subsequent misuse of the stolen information.
"HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018," HSBC's data security breach statement said. "When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account. You may have received a call or email from us so we could help you change your online banking credentials and access your account. If you need help accessing your account, please call. We apologize for this inconvenience. HSBC takes this very seriously and the security of your information is very important to us."
We must ask ourselves, however, just how important the privacy of HSBC users' personal data really is, given that this serious incident happened. In today's precarious and dynamic technology world, of course, no one is fully protected against cybercrime, but it is the banking sector that is supposed to maintain the highest level of cybersecurity. Banking institutions are expected to regularly carry out all necessary professional tests and cybersecurity checks to ensure that the data and cash they hold are safe.
"The information that may have been accessed includes your full name, mailing address, phone number, e-mail address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available," the company also admits in its official statement about the hacker theft.
In practice, this means that all the information has been stolen from any affected client. This hacker attack was also not the first breach of personal data security at the American HSBC bank. Last year, its users were attacked with fake security software, and in 2016 a DDoS attack crushed the bank's systems. However, examples of unstable bank cybersecurity are numerous and do not concern just HSBC.
That's why AMATAS reminds you of the measures you can take yourself to protect your personal data from a hacker attack: regularly change the passwords for your online accounts, do not store your credentials on paper, and never use the same password to access more than one website.