Attacks/Breaches

11/6/2018
12:45 PM
50%
50%

HSBC: Security Breach Exposes Account, Transaction Data

Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.

HSBC Bank has informed account holders of a data breach affecting an undisclosed number of users, the organization reported this week. In a letter sent to customers and the California Attorney General's Office, it states online accounts were compromised from Oct. 4 to 14.

The bank reports compromised information may include full names, mailing and email addresses, phone numbers, birthdates, transaction histories, payee account data, statement histories, and account numbers, types, and balances.

HSBC suspended access to affected accounts and is contacting victims about changing their online credentials. It says it has improved its authentication process for HSBC Personal Internet Banking and is offering customers a complimentary, year-long subscription to Identity Guard, which they can use to monitor accounts for credit fraud and malicious activity.

Data leaks caused by negligent third-party providers are increasingly common, says High-Tech Bridge founder and CEO Ilia Kolochenko. Oftentimes, large businesses deploy demo systems to production and forget about them, leaving data and systems vulnerable. Abandoned US-based Web systems containing customer data could be a possible attack vector.

HSBC's response has been prompt and technically adequate, he explains, but there is still potential for consequences. "This will, however, unlikely exonerate them from private lawsuits and, perhaps, even a class action by disgruntled customers and privacy watchdogs," Kolochenko says.

Read more details here.

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CVE-2018-15805
PUBLISHED: 2018-12-10
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
CVE-2018-16635
PUBLISHED: 2018-12-10
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.