Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

HSBC confirms "some" mortgage customers are affected by data breach

by The Gurus
April 16, 2015
in Editor's News
Share on FacebookShare on Twitter

HSBC has confirmed that a recent data breach only relates to mortgage customers HSBC Finance Corp in the USA.
 
In a notification, HSBC said that the notice was sent by HSBC Finance Corporation on behalf of its subsidiaries regarding a breach that it learned about on March 27th.
 
“At that time, we became aware of an incident where certain personal information about customer mortgage accounts was inadvertently made accessible via the internet which we believe was towards the end of last year,” the notification said. “This information included the name, social security number, account number and some old account information, and may have included phone numbers.”
 
HSBC said that it takes the issue seriously, and deeply regrets it happening. “We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a recurrence of such an incident,” it said. “We have ensured that the information is no longer accessible publicly. The company has notified law enforcement and the credit reporting agencies of the incident, and no delay in advising you has been caused by law enforcement notification.”
 
The breach affected customers of the firm’s subsidiaries, including Beneficial Financial I, Inc., Beneficial Homeowner Service Corporation, Beneficial Maine, Inc., Beneficial Massachusetts, Inc., Beneficial New Hampshire, Inc., Household Finance Corporation II, Household Finance Corporation of Alabama, Household Financial Center, Inc., and Household Realty Corporation.
 
HSBC did not disclose how many were affected, telling IT Security Guru that “this matter only affects some mortgage customers”, although databreaches.net said that among those affected were 685 residents of New Hampshire.
 
Amichai Shulman, CTO of Imperva, said that he believed that the issue was due to customer files (or a single file containing data for multiple customers) being mistakenly transferred to a web server available on the wider web.
 
He said: “That file (or those files) where indexed by Google (or some other search engine) and thus became available to everyone. My guess is that they became aware of it through someone who did some Google snooping and incidentally bumped into this file.”
 
Commenting, TK Keanini, CTO of Lancope, said that as HSBC is a connected business and like any other business today, is highly connected and digital dependent. “Let us just hope that the right level of telemetry is on the network itself so that the right level of forensics can ensure that everything known about the breach is known for remediation,” he said.
 
Keanini also praised the local security of HSBC, as the attacker had to go to the third party to find an access vector.
 
Tim Erlin, director of security and risk at Tripwire, said: “This is an example of breach notification laws in action, for both good and bad. We’re finding out about this breach because HSBC has been required to notify residents of New Hampshire who were affected, but the notification laws vary across states and countries so that the extent and impact is obscured.
 
“The notification describes data ‘inadvertently made accessible via the Internet,’ which might simply mean a spreadsheet shared where it shouldn’t have been. It could be that this incident really is contained to 685 residents of New Hampshire, and was the result of simple human error.”

FacebookTweetLinkedIn
Tags: Bankdata breach
ShareTweetShare
Previous Post

APT on APT attack reveals new actors

Next Post

Application security still bothering professionals, who lack people to fix problems find (ISC)²

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information